资讯类
GitHub 已遭基于 Memcached 的 DDoS 攻击 规模达 1.3 Tbps
https://www.bleepingcomputer.com/news/security/new-ddos-record-set-at-13-tbps-thanks-to-memcached-servers/
http://www.zdnet.com/article/github-was-hit-with-the-largest-ddos-attack-ever-seen/
https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
微软与英特尔合作,通过Windows更新提供CPU微代码修复
https://www.bleepingcomputer.com/news/security/microsoft-partners-with-intel-to-deliver-cpu-microcode-fixes-via-windows-updates/
CISCO软件出现严重漏洞,服务器无需密码可远程登录
惠普远程管理工具中的漏洞使服务器面临危险
Bug in HP Remote Management Tool Leaves Servers Open to Attack
AdBlock添加了功能来缓存流行的JavaScript库
流行的阻止广告的浏览器扩展AdBlock添加了一项新功能,可以在用户的计算机上本地缓存流行的JavaScript库。
https://www.bleepingcomputer.com/news/software/adblock-adds-feature-to-cache-popular-javascript-libraries/
https://threatpost.com/ad-network-circumvents-ad-blocking-tools-to-run-in-browser-cryptojacker-scripts/130161/
技术类
python沙箱逃逸小结
https://blog.sectown.cn/archives/41/
基于Memcached分布式系统DRDoS拒绝服务攻击技术研究
http://blog.csdn.net/microzone/article/details/79262549?from=timeline&isappinstalled=0
Enumeration sub domains(枚举子域名)
https://github.com/FeeiCN/ESD
通过未初始化的缓冲区实现VMWARE利用
https://www.zerodayinitiative.com/blog/2018/3/1/vmware-exploitation-through-uninitialized-buffers
漏洞聚焦:简单DirectMedia图层的SDL2_Image漏洞
http://blog.talosintelligence.com/2018/03/vulnerability-spotlight-simple.html
亲爱的开发人员,谨防DNS重新绑定
https://www.twistlock.com/2018/02/28/dear-developers-beware-dns-rebinding/
以太坊区块链上的Eclipse攻击
https://bitcoinmagazine.com/articles/researchers-explore-eclipse-attacks-ethereum-blockchain/
http://www.cs.bu.edu/~goldbe/projects/eclipseEth.pdf
Announcing Rust 1.24.1
https://blog.rust-lang.org/2018/03/01/Rust-1.24.1.html
在Go中使用反向代理进行网络钓鱼
https://medium.com/@cooperthecoder/phishing-with-a-reverse-proxy-23dd99557b5b
评论