热点概要:Optionsbleed:HTTP OPTIONS方法可以泄露Apache服务器的内存、CCleaner恶意代码分析预警、USENIX Security '17 会议视频、Linux攻击面分析
国内热词(一下内容部分来自:http://www.solidot.org/ )
CCleanup v5.33 被发现植入恶意代码
利用 Subsystem for Linux 攻击 Windows
因 Facebook 的专利条款 WordPress 放弃 ReactJS
资讯类:
警告:CCleaner被黑客植入恶意代码,超过230万用户感染
http://thehackernews.com/2017/09/ccleaner-hacked-malware.html
未打补丁的Windows内核bug可促使恶意软件绕过杀软的检测
http://thehackernews.com/2017/09/windows-kernel-malware.html
技术类:
Fastbin攻击:堆漏洞利用代码开发
https://0x00sec.org/t/heap-exploitation-fastbin-attack/3627
CCleaner恶意代码分析预警
http://bobao.360.cn/news/detail/4327.html
CCleanup被曝存在后门,海量计算机受影响
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
Optionsbleed:HTTP OPTIONS方法可以泄露Apache服务器的内存
https://www.exploit-db.com/exploits/42745/
USENIX Security '17 会议视频
https://www.youtube.com/playlist?list=PLbRoZ5Rrl5leSmnr5gJpvedQ3oj2ostRR
TrickBot如何通过Web注入影响到被攻击者
https://www.uperesia.com/how-trickbot-tricks-its-victims
docker镜像更新频率一览
https://anchore.com/blog/look-often-docker-images-updated/
Leaked Lists
AWS渗透测试part 1:S3 Buckets
https://www.virtuesecurity.com/blog/aws-penetration-testing-s3-buckets/
Pytosquatting:在PyPI中删除违规伪装命名的恶意模块
https://www.pytosquatting.org/
Linux攻击面分析
https://anvilventures.com/blog/linux-attack-surface-analysis.html
使用Frequency分析来防御Office 365
https://blogs.technet.microsoft.com/office365security/using-frequency-analysis-to-defend-office-365/
新型恶意软件变种"Nyetya"威胁大量计算机
http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html
MinerBlock:A web extension to block web based cryptocurrency miners all over the web.
https://github.com/xd4rker/MinerBlock
Kioptrix: Level 1.2 Walkthrough – Vulnhub
https://www.jimwilbur.com/2017/09/kioptrix-level-1-2-walkthrough-vulnhub/
s2-052 iso镜像实验环境
https://pentesterlab.com/exercises/s2-052
Hacking a Pizza Order with Burp Suite
https://privsec.blog/hacking-a-pizza-order-with-burp-suite/
Malicious Chrome extension meddling with your searches
https://blog.0day.rocks/malicious-chrome-extension-meddling-with-your-searches-581aa56ddc9c
debian-sys-maint-roll-passwd
https://github.com/digitalocean/debian-sys-maint-roll-passwd