[Knowledge] August 23 - Daily Security Knowledge Highlights


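Highlights: Discuz X3.3 patch security analysis; how to avoid specific geographic regions in the Tor network; firmware exploitation with JEB, using DVRF (a vulnerable router target) as an example; how to hijack wireless mice and keyboards; security issues of intelligent robots explained; EggShell: a Python-based iOS and macOS post-exploitation tool; ScrumWorks Pro remote code execution vulnerability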

News:

Igexin advertising SDK from a Chinese company implicated in Android spyware? Google removes or updates 500 apps

https://blog.lookout.com/igexin-malicious-sdk 

Technical:

[Vulnerability Analysis] Discuz X3.3 patch security analysis

http://bobao.360.cn/learning/detail/4302.html 

Bitdefender: heap buffer overflow via 7z LZMA

https://landave.io/2017/08/bitdefender-heap-buffer-overflow-via-7z-lzma/ 


How to avoid specific geographic regions in the Tor network

https://detor.cs.umd.edu/ 


NIZKCTF: a non-interactive zero-knowledge CTF platform

https://arxiv.org/pdf/1708.05844.pdf 

Firmware exploitation with JEB, using DVRF (a vulnerable router target) as an example

Part 1: https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-1/

Part 2: https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-2/

Exploiting industrial collaborative robots (security issues of intelligent robots explained)

http://blog.ioactive.com/2017/08/Exploiting-Industrial-Collaborative-Robots.html 

How to hijack wireless mice and keyboards

https://toshellandback.com/2017/08/16/mousejack/ 

shadow v2 publicly released

https://census-labs.com/news/2017/08/22/shadow-v2-release/ 

https://github.com/CENSUS/shadow 

EggShell: a Python-based iOS and macOS post-exploitation tool

https://github.com/neoneggplant/EggShell/ 

Java 8 Jar & Android APK reverse engineering tool (Decompiler, Editor, Debugger & More)

https://github.com/Konloch/bytecode-viewer/ 

Command and control via PowerShell to bypass security checks

https://pentestlab.blog/2017/08/19/command-and-control-powershell/ 

Android boot process analysis

https://thecyberfibre.com/android-boot-process/ 

Invoke-Phant0m: Windows Event Log Killer

https://github.com/hlldz/Invoke-Phant0m 

Illustrated walkthrough: several kinds of reverse shells (introductory)

http://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/ 

bettercap v1.6.2 released, adding MAC spoofing, HSRP spoofing and other new features

https://github.com/evilsocket/bettercap/releases/tag/v1.6.2 

Out-of-band XXE via SAML SSO

https://seanmelia.files.wordpress.com/2016/01/out-of-band-xml-external-entity-injection-via-saml-redacted.pdf 

ScrumWorks Pro remote code execution vulnerability

https://blogs.securiteam.com/index.php/archives/3387 

Hack with Metasploit: Announcing the UNITED 2017 CTF

https://community.rapid7.com/community/metasploit/blog/2017/08/10/hack-with-metasploit-announcing-the-united-2017-ctf 

Understanding Orphaned Files

https://thinkdfir.com/2017/08/18/understanding-orphaned-files/ 

(End)