【知识】7月27日 - 每日安全知识热点

360安全客 安全知识 68468 4

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:MSRC宣布Windows漏洞悬赏计划、FLARE VM: FireEye发布分析Windows恶意软件的虚拟机Tomcat Security Constraint Bypass CVE-2017-5664 分析、Empire without PowerShell.exe、Factorio远程代码执行漏洞分析


资讯类:

Microsoft发布新的漏洞悬赏计划最高赏金25万美元

http://thehackernews.com/2017/07/microsoft-bug-bounty-program.html 


Adobe Flash将于2020年停止服务

http://bobao.360.cn/news/detail/4239.html 

技术类:

分析VMware虚拟机逃逸补丁

https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-patch-of-a-virtual-machine-escape-on-vmware 

WSSAT:Web服务安全评估工具

https://github.com/YalcinYolalan/WSSAT/ 

 

“EternalMiner” Copycats exploiting SambaCry for cryptocurrency mining

http://www.intezer.com/eternalminer-copycats/ 

Factorio远程代码执行漏洞分析

https://security.gerhardt.link/RCE-in-Factorio/ 

Proxy Re-Encryption Playground in Python

https://hackernoon.com/proxy-re-encryption-playground-in-python-3bc66170b9bf 

通过AI和Python生成密码

https://github.com/k3170makan/PyMLProjects/blob/master/passwords/README.md 

MSRC宣布Windows漏洞悬赏计划

https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/ 

Broadpwn:通过Broadcom Wi-Fi芯片中的Bug远程破坏Android和iOS系统

https://blog.exodusintel.com/2017/07/26/broadpwn/ 

Breaking open the MtGox case(part 1)

http://blog.wizsec.jp/2017/07/breaking-open-mtgox-1.html 

通过 WebView 攻击 Android 应用

https://zhuanlan.zhihu.com/p/28107901 

IaaS、PaaS、SaaS三者的比较

http://www.engineyard.com/blog/the-differences-between-iaas-paas-and-saas-and-when-to-use-each 

安卓系统级病毒疫情月报(2017年 – 总第3期)

http://bobao.360.cn/news/detail/4241.html 

黑盒vBulletin漏洞扫描器

https://securityonline.info/owasp-vbscan-black-box-vbulletin-vulnerability-scanner/ 

【病毒分析】Sorebrect勒索病毒分析报告

http://bobao.360.cn/learning/detail/4154.html 

Windows Exploitation: Backdoor on the fly with bdfproxy

https://securityonline.info/windows-exploitation-backdoor-fly-bdfproxy/ 

Empire without PowerShell.exe(Empire:一款后渗透框架)

https://bneg.io/2017/07/26/empire-without-powershell-exe/ 

FLARE VM: FireEye发布分析Windows恶意软件的虚拟机

https://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html 

Tomcat Security Constraint Bypass CVE-2017-5664 分析

https://mp.weixin.qq.com/s/AWXjwO03oxrL960l3WxyCQ 

SQLite手工注入Getshell技巧

http://fuping.site/2017/07/19/SQLite-Injection-Get-WebShell/ 

(完)