热点概要:CVE-2017-12617:Apache Tomcat JSP Upload Bypass / Remote Code Execution、逆向工程macOS High Sierra补充更新、用radare2逆向工程一个Gameboy ROM、Google Chrome pdfium stack-based buffer overflow vulnerability with PoC (CVE-2017-5095)
国内热词(以下内容部分来自:http://www.solidot.org/ )
Windows 10 更新移除 Windows Media Player
PureVPN 日志被指帮助 FBI 识别网络骚扰者
资讯类:
印度国家互联网注册管理机构被黑:15个比特币就能拿下整个印度互联网
FBI在“无日志”VPN提供商共享用户日志之后逮捕了一名网络追踪者
https://thehackernews.com/2017/10/no-logs-vpn-service-security_8.html
技术类:
CVE-2017-12617:Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 – JSP Upload Bypass / Remote Code Execution
https://github.com/cyberheartmi9/CVE-2017-12617
逆向工程macOS High Sierra补充更新
https://cocoaengineering.com/2017/10/08/reverse-engineering-macos-high-sierra-supplemental-update/
Mythril简介:一个在Ethereum区块链上进行bug hunting的框架
MetaTwin:借助Microsoft Metadata和数字签名“隐藏”二进制文件
用radare2逆向工程一个Gameboy ROM
https://www.megabeets.net/reverse-engineering-a-gameboy-rom-with-radare2/
cameradar:一款可以攻击CCTV摄像头的工具
https://github.com/EtixLabs/cameradar
从勒索病毒和其他破坏性事件中恢复数据
https://nccoe.nist.gov/publication/1800-11/index.html
Google Chrome pdfium stack-based buffer overflow vulnerability with PoC (CVE-2017-5095)
https://bugs.chromium.org/p/chromium/issues/detail?id=732661
一些你不得不知的Linux命令