http://p8.qhimg.com/t0105eadd526b531a1d.png


热点概要:CVE-2016-7545:SELinux 沙盒逃逸、RottenPotato从服务帐号提权到SYSTEM权限的POC、CVE-2016-4758:Safari's showModalDialog中的UXSS漏洞、MailSniper:一个用于搜索Exchange里邮件中包含敏感信息的powershell脚本

国内热词:

思科称可能是宇宙射线触发了路由器bug

恶意程序通过计算Word文档数躲避检测

rebsOnSecurity重新上线,这次由Google托管

资讯类:

亚美尼亚黑客泄漏阿塞拜疆银行和军事数据

https://www.hackread.com/armenian-hackers-leak-azeri-banking-military-data/

Ethereum网络遭受DDos攻击

http://news.softpedia.com/news/ethereum-network-under-computational-ddos-attack-508583.shtml

技术类:

CVE-2016-7545 — SELinux 沙盒逃逸

http://www.openwall.com/lists/oss-security/2016/09/25/1

DragonJAR Security Conference 2016 – CTF Writeup

https://www.dropbox.com/s/cslq9kf2low28uc/DragonJAR_CTF_2016.pdf?dl=0

RottenPotato从服务帐号提权到SYSTEM权限的POC

https://github.com/foxglovesec/RottenPotato

一个用HTM5实现的KVM管理接口

https://github.com/kimchi-project/kimchi

实现虚假AP的BASH脚本

https://github.com/SilverFoxx/PwnSTAR

CVE-2016-4758:Safari's showModalDialog中的UXSS漏洞

http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html

Derbycon 2016会议视频

http://www.irongeek.com/i.php?page=videos/derbycon6/mainlist

绕过iOS 9.3.5代码签名的POC

https://github.com/kpwn/935csbypass

Anti VM Tricks

https://sentinelone.com/blogs/anti-vm-tricks/

MailSniper:一个用于搜索Exchange里邮件中包含敏感信息的powershell脚本

https://github.com/dafthack/MailSniper

VaultPasswordView:nirsoft发布可用于查看windows Vault密码的工具

http://blog.nirsoft.net/2016/09/24/new-tool-that-decrypts-windows-vault-passwords/

DerbyCon会议PPT: 攻击ADFS 终端

http://www.slideshare.net/kfosaaen/attacking-adfs-endpoints-derbycon

ARM Cortex-M0 汇编语言的技巧集

https://community.arm.com/docs/DOC-7869

文章原文链接:https://www.anquanke.com/post/id/84626