热点概要:Windows权限提升的几种方法、eval长度限制绕过 && PHP5.6新特性、分析CVE-2016-9131: ISC BIND TKEY Query Response Handling DoS、谁是Anna-Senpai,Mirai蠕虫作者?
国内热词(以下内容部分摘自http://www.solidot.org/):
Mozilla发布新品牌标识“Moz://a ”
斯诺登被允许延长在俄罗斯的居留时间
华为举报六名前员工泄密
公安部发布治安管理处罚法修订意见稿,新增处罚宗教歧视等内容
资讯类:
1300w解密的CIA文件在网上发布
Pwn2Own2017 10周年首次引入提权类别,首次以linux为目标
http://blog.trendmicro.com/pwn2own-returns-for-2017-to-celebrate-10-years-of-exploits/
奥巴马更新了CIA处理美国人信息的规则
技术类:
利用华为OTT服务漏洞免费看电视
https://www.linkedin.com/pulse/huawei-ott-vulnerability-free-tv-everyone-nebojsa-terzic
Windows权限提升的几种方法
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
实用的jsonp注入
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
谁是Anna-Senpai,Mirai蠕虫作者?
https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
Pwnhub-深入敌后-Writeup
http://www.cnblogs.com/iamstudy/articles/pwnhub_week6_writeup.html
eval长度限制绕过 && PHP5.6新特性
https://www.leavesongs.com/PHP/bypass-eval-length-restrict.html
Adobe Acrobat 强制安装脆弱的chrome插件
https://bugs.chromium.org/p/project-zero/issues/detail?id=1088
分析CVE-2016-9131: ISC BIND TKEY Query Response Handling DoS
揭密EyePyramid事件
http://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-inner-workings-eyepyramid/
Hash Suite Droid开源的哈希破解器
http://hashsuite.openwall.net/android
Oracle的Outside In Technology多出代码执行漏洞
http://blog.talosintel.com/2017/01/oit-multiple-rce.html
Pass the Hash with Ruler
https://sensepost.com/blog/2017/pass-the-hash-with-ruler/
NSA公开AES GCM SIV分析
https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02
Use DNS Rebinding to Bypass IP Restriction
https://ricterz.me/posts/Use%20DNS%20Rebinding%20to%20Bypass%20IP%20Restriction
Android: OOB write in ssp_batch_ioctl
https://bugs.chromium.org/p/project-zero/issues/detail?id=966
匡恩发布2016物联网安全报告
http://www.kuangn.com/upload/file/20170118/8cb49c2f2d6040a8b362a1b52cac34e7.pdf
评论