首页 > 安全 > 网络安全 >

4月12日互联网安全事件 - 每日安全知识热点

2017-04-14

4月12日互联网安全事件 - 每日安全知识热点 。

4月12日互联网安全事件 - 每日安全知识热点.。

Microsoft Word 0day 正被利用攻击数百万用户

网络间谍组织 Longhorn 被认为隶属于 CIA

中国起草法律对出境数据进行强制性安全检查

资讯类:

未修复的Microsoft Word漏洞被Dridex 银行木马中

http://thehackernews.com/2017/04/microsoft-word-dridex-trojan.html

2017-owasp-top-10 release 发布

http://securityaffairs.co/wordpress/57938/hacking/2017-owasp-top-10.html

技术类:

CVE-2016-7552/CVE-2016-7547:trend的认证绕过和远程代码执行

https://github.com/rapid7/metasploit-framework/pull/8216

Owasp top 10 2017 release 发布

https://raw.githubusercontent.com/OWASP/Top10/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)

https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html

渗透测试Skype业务:利用缺失的Lync

https://www.mdsec.co.uk/2017/04/penetration-testing-skype-for-business-exploiting-the-missing-lync/

VolgaCTF 2017 WriteUp

https://binarystud.io/volgactf-2017-time-is-exploitation-150.html

CVE-2017-0199 | Microsoft Office / WordPad远程执行代码漏洞

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199

打破Subgraph操作系统的安全模型

https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/

通过移动传感器窃取PIN:实际风险与用户感知

https://arxiv.org/pdf/1605.05549v1.pdf

Windows管理规范(WMI)利用:第三部分

https://blog.netspi.com/getting-started-wmi-weaponization-part-3/

CVE-2017-0199 (Office RTF RCE)简单分析

https://github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Office%20zero-day%20(April%202017)/2017-04%20Office%20OLE2Link%20zero-day%20v0.4.pdf

如何开发解包器

http://www.synacktiv.ninja/ressources/unpacking_starforce_synacktiv.pdf

路由器漏洞挖掘

https://www.blackhat.com/presentations/bh-usa-09/LINDNER/BHUSA09-Lindner-RouterExploit-SLIDES.pdf

简单快速在windows 10的子系统linux上安装Metasploit

https://gist.github.com/dafthack/8aa4ff60cd9352448a372ce1a7b2e27e

Apache Tomcat 目录遍历

http://defensecode.com/advisories/DC-2017-03-001_DefenseCode_ThunderScan_SAST_Apache_Tomcat_Security_Advisory.pdf

ETW的入侵检测(part1)

https://blogs.technet.microsoft.com/office365security/hidden-treasure-intrusion-detection-with-etw-part-1/

CVE-2017-0199:Microsoft Office RTF漏洞分析

https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html

Adobe XML Injection文件内容泄漏

https://raw.githubusercontent.com/tsluyter/exploits/master/adobe_xml_inject.sh

Phpcms_V9任意文件上传 漏洞分析

http://mp.weixin.qq.com/s?src=3×tamp=1491961052&ver=1&signature=E5iEjvTqVbQYzOUccvry6bHq81*X39K3nbfWxvjieRP7wNUsYUos-1ofFX4v3cKl8p53EM1pE5unWNbzeCTCBuFcuF8Yiye4Ham70lJAuxd-6SoCCokg3WuWHTQw3rlKdid1ezbv3chX2wyj*2tw1qFoncncv3qu5proz6QuPXY=

相关文章
最新文章
热点推荐