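Highlights: Honeypots and the Internet of Things: an analysis of data collected by Kaspersky Lab's IoT honeypots; resources on Frida; threat report on NSO spyware; a quick analysis of Microsoft's ESTEEMAUDIT patch; the NSA launches an open-source technology collaboration project on GitHub; technical details of the Stack Clash vulnerability
Open-source systems such as Linux, BSD and Solaris are affected by the "Stack Clash" vulnerability, which allows attackers to execute code with root privileges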
https://threatpost.com/stack-clash-vulnerability-in-linux-bsd-systems-enables-root-access/126355/
Technical:
Honeypots and the Internet of Things: an analysis of data collected by Kaspersky Lab's IoT honeypots
https://securelist.com/honeypots-and-the-internet-of-things/78751/
0ctf2017 final
http://lorexxar.cn/2017/06/16/0ctf2017-final/
PsExec Much?
https://rastamouse.me/2017/06/psexec-much/
Resources on Frida
https://github.com/dweinstein/awesome-frida
Steps for building an in-house enterprise security program
The Art of Cross-Site: An Introduction to XSS
http://www.fooying.com/the-art-of-xss-1-introduction/
Threat report on NSO spyware
https://citizenlab.org/2017/06/reckless-exploit-mexico-nso/
GoogleCTF2017 Back to the Past WriteUp
https://ctftime.org/writeup/6815
A quick analysis of Microsoft's ESTEEMAUDIT patch
https://0patch.blogspot.com/2017/06/a-quick-analysis-of-microsofts.html
IoT device security in practice
https://duo.com/assets/ebooks/Duo-Labs-Bug-Hunting-Drilling-Into-the-Internet-of-Things-IoT.pdf
reversing-the-balong-m3mcu-console-lightning-the-path-to-ring-0
Router weaknesses that enable misuse
http://blog.ptsecurity.com/2017/06/practical-ways-to-misuse-router.html
The NSA (US National Security Agency) launches an open-source technology collaboration project on GitHub
https://nationalsecurityagency.github.io/
An introduction to SDR and RF signal analysis
https://www.elttam.com.au/blog/intro-sdr-and-rf-analysis/
A Docker container with tools for binary reverse engineering and exploitation
https://github.com/superkojiman/pwnbox
MS17-010: details, PoC and exploits
https://github.com/worawit/MS17-010
Technical details of the Stack Clash vulnerability
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Quickly search for vulnerability exploits
https://github.com/1N3/Findsploit
Microsoft Edge address bar spoofing PoC
https://pastebin.com/raw/uKLVr0i9
Analysis of a Subaru car software vulnerability: tokens that never expire