【知识】7月24日 - 每日安全知识热点

360安全客 安全知识 61620 4

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:Black Hat USA 2017军火库、看我如何黑掉PayPal的服务器,从任意文件上传到远程代码执行、通过Excel.Application RegisterXLL()方法执行DLL、Cisco WebEx Browser Extension RCE漏洞(CVE-2017-6753)分析、常见恶意软件分析工具介绍、从DNS和sinkhole视角看WannaCry蠕虫、英国牙医(NSA泄露漏洞利用工具之一)Exploit Analysis


资讯类:

报警:尼日利亚钓鱼正威胁全球工业企业

http://mp.weixin.qq.com/s/m5QMzsGYVrU_bn1WmCj2HQ 

技术类:

看我如何黑掉PayPal的服务器,从任意文件上传到远程代码执行

http://blog.pentestbegins.com/2017/07/21/hacking-into-paypal-server-remote-code-execution-2017/ 

深入了解奇偶校验bug

http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/ 

通过Excel.Application RegisterXLL()方法执行DLL

https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52 

Fast-key-erasure随机数生成器

http://blog.cr.yp.to/20170723-random.html 

Cisco WebEx Browser Extension RCE漏洞(CVE-2017-6753)分析

http://mp.weixin.qq.com/s/v4oxyVqTA6sgtD3dHkKG7Q 

英国牙医(NSA泄露漏洞利用工具之一)Exploit Analysis

https://blogs.technet.microsoft.com/srd/2017/07/20/englishmansdentist-exploit-analysis/ 

浅析OGNL表达式求值(S2-003/005/009跟踪调试记录)

http://mp.weixin.qq.com/s/VoNbuNE-SkAdMzngRv121Q 

从DNS和sinkhole视角看WannaCry蠕虫

http://blog.netlab.360.com/wannacry-from-dns-and-sinkhole-view/ 

DG在Windows 10 S:执行任意代码

https://tyranidslair.blogspot.co.uk/2017/07/dg-on-windows-10-s-executing-arbitrary.html 

Inject All the Things – DLL injection

http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/ 

fuzz monkey – infrastructure fuzzer/fuzzing tools.

http://seclist.us/fuzz-monkey-infrastructure-fuzzerfuzzing-tools.html 

Patching SambaCry by exploiting it

https://astr0baby.wordpress.com/2017/07/22/patching-sambacry-by-exploiting-it/ 

常见恶意软件分析工具介绍

http://www.hackingtutorials.org/malware-analysis-tutorials/basic-malware-analysis-tools/ 

防止深度包检测的方法

http://blog.codingnow.com/2017/07/antidpi.html 

Kayak:CAN bus分析工具

https://n0where.net/can-bus-analysis-tool-kayak/ 

hacking移动电话嵌入式系统

https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-Hacking_Cell_Phone_Embedded_Systems.pdf 

NXcrypt:基于Python的后门框架

https://n0where.net/python-backdoor-framework-nxcrypt/ 

Websploit Wifi Jammer

http://www.hackingtutorials.org/metasploit-tutorials/websploit-wifi-jammer/ 

开发安全的 API 所需要核对的清单

https://github.com/shieldfy/API-Security-Checklist/blob/master/README-zh.md 

NagaScan:针对Web应用的分布式被动扫描器

http://www.kitploit.com/2017/07/nagascan-nagascan-is-distributed.html 

https://github.com/brianwrf/NagaScan 

Black Hat USA 2017军火库

https://medium.com/hack-with-github/black-hat-arsenal-usa-2017-3fb5bd9b5cf2 

(完)