Highlights: Pwn2Own: Safari sandbox escape (part 1, part 2 and PoC); PHP generic gadget chains: exploiting deserialized objects in unknown environments; BadGPO – abusing Group Policy Objects for persistence and lateral movement; analysis of the BIND security bypass vulnerability CVE-2017-3143; collision-based hashing algorithm disclosure; Apache CVE-2017-7659 vulnerability reproduction and exploitation analysis; escaping VMware with "Hearthstone"; escaping a VMware virtual machine via a heap overflow vulnerability
News:
WikiLeaks exposes CIA implant that steals SSH credentials
http://thehackernews.com/2017/07/ssh-credential-hacking.html
Technical:
Pwn2Own: Safari sandbox escape (part 1, part 2 and PoC)
https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc
https://phoenhex.re/2017-07-06/pwn2own-sandbox-escape
https://github.com/phoenhex/files/tree/master/exploits/safari-sbx
Vulnerability analysis of Lovense IoT sex toys
http://elladodelnovato.blogspot.com.es/2017/07/understanding-and-breaking-internet-of.html
Analysis of the BIND security bypass vulnerability CVE-2017-3143
BadGPO – abusing Group Policy Objects for persistence and lateral movement
http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_052_Willi_GPO.pdf
Apache CVE-2017-7659: vulnerability reproduction and exploitation analysis
http://www.freebuf.com/vuls/139042.html
FakeNet-NG: next-generation dynamic network analysis tool
https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html
PHP generic gadget chains: exploiting deserialized objects in unknown environments
https://www.ambionics.io/blog/php-generic-gadget-chains
Collision-based hashing algorithm disclosure
https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/
pineapple-101: modules review and testing (part 1)
https://medium.com/@edelpeon_33472/pineapple-101-modules-review-and-testing-part-1-c2afebba6ba0
Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike
Exploiting a heap overflow vulnerability to escape a VMware virtual machine
https://zhuanlan.zhihu.com/p/27733895
http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/
PDF Tricks
https://github.com/corkami/docs/blob/master/PDF/PDF.md
A good introduction to use-after-free (UAF) vulnerabilities
https://www.purehacking.com/blog/lloyd-simon/an-introduction-to-use-after-free-vulnerabilities
Understanding the macOS trojan OSX/Dok
http://bobao.360.cn/learning/detail/4071.html
From formal methods and program analysis to data analysis – a binary vulnerability detection case study
http://www.edu.cn/xxh/spkt/aq/201707/t20170706_1538333.shtml
Vulnerability-Exploit-Fuzz-Mitigation: a mind map of vulnerability discovery and exploitation
https://github.com/SilverMoonSecurity/Security-misc
Learning and using TheHive & Cortex
https://blog.thehive-project.org/2017/07/06/train-till-you-drain-thehive-cortex-vm/
PHP command injection and argument injection
http://www.afolgado.com/2017/06/10/phpcommandiargumenti/
Bypassing AppLocker with MSXSL
https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/
In-depth analysis of ReFS (Resilient File System, Microsoft's new file system)
http://mo.morsi.org/blog/2014/09/13/ReFS_All_Your_Resilience_Are_Belong_To_Us/
http://mo.morsi.org/blog/2014/11/02/ReFS_Part_II_May_the_Resilience_Be_With_You/
http://mo.morsi.org/blog/2017/07/05/refs-part-iii-back-to-the-resilience/
An XSS on careers.twitter.com triggered via a CSP bypass
https://medium.com/@tbmnull/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5
XSS in Skype for Business
https://blogs.securiteam.com/index.php/archives/3269
360 Marvel Team's CSW2017 paper: escaping VMware with "Hearthstone"
https://cansecwest.com/slides/2017/CSW2017_QinghaoTang_XinleiYing_vmware_escape.pdf