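Highlights: security analysis of the Discuz X3.3 patch; how to avoid specific geographic regions on the Tor network; firmware exploitation with JEB, using DVRF (a vulnerable router practice target) as an example; how to hijack wireless mice and keyboards; a look at the security issues of intelligent robots; EggShell: a Python-based post-exploitation tool for iOS and macOS; ScrumWorks Pro remote code execution vulnerability
News:
Igexin ad SDK from a Chinese company tied to Android spyware? Google removes or updates 500 apps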
https://blog.lookout.com/igexin-malicious-sdk
Technical:
[Vulnerability Analysis] Security analysis of the Discuz X3.3 patch
http://bobao.360.cn/learning/detail/4302.html
Bitdefender: heap buffer overflow via 7z LZMA
https://landave.io/2017/08/bitdefender-heap-buffer-overflow-via-7z-lzma/
How to avoid specific geographic regions on the Tor network
NIZKCTF: a non-interactive zero-knowledge CTF platform
https://arxiv.org/pdf/1708.05844.pdf
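Firmware exploitation with JEB, using DVRF (a vulnerable router practice target) as an example
Part 1: https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-1/
Part 2: https://www.pnfsoftware.com/blog/firmware-exploitation-with-jeb-part-2/
Exploiting industrial collaborative robots (a look at the security issues of intelligent robots)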
http://blog.ioactive.com/2017/08/Exploiting-Industrial-Collaborative-Robots.html
How to hijack wireless mice and keyboards
https://toshellandback.com/2017/08/16/mousejack/
shadow v2 public release
https://census-labs.com/news/2017/08/22/shadow-v2-release/
https://github.com/CENSUS/shadow
EggShell: a Python-based post-exploitation tool for iOS and macOS
https://github.com/neoneggplant/EggShell/
Java 8 Jar & Android APK reverse engineering tool (Decompiler, Editor, Debugger & More)
https://github.com/Konloch/bytecode-viewer/
Command and control via PowerShell to bypass security checks
https://pentestlab.blog/2017/08/19/command-and-control-powershell/
Analysis of the Android boot process
https://thecyberfibre.com/android-boot-process/
Invoke-Phant0m: Windows Event Log Killer
https://github.com/hlldz/Invoke-Phant0m
Illustrated guide: several ways to get a reverse shell (primer)
http://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
bettercap v1.6.2 released, adding new features such as MAC and HSRP spoofing
https://github.com/evilsocket/bettercap/releases/tag/v1.6.2
Out-of-band XXE via SAML SSO
ScrumWorks Pro remote code execution vulnerability
https://blogs.securiteam.com/index.php/archives/3387
Hack with Metasploit: Announcing the UNITED 2017 CTF
Understanding Orphaned Files
https://thinkdfir.com/2017/08/18/understanding-orphaned-files/