

Highlights: MySQL / MariaDB / PerconaDB – privilege escalation / race condition vulnerability; My IoT device testing experience and conclusions; Pwn A Camera Step by Step

Trending topics in China:


Disappointing MacBook Pro (2016) drives some fans to switch to Ubuntu

Right to personal information written into the draft General Provisions of the Civil Law

China deploys security robots at Shenzhen airport

Tablet shipments decline for the eighth consecutive quarter

Google discloses a Windows privilege escalation vulnerability that is being actively exploited

News:


130 critical vulnerabilities disclosed in Firefox this year

http://www.theregister.co.uk/2016/10/30/mozilla_130_vulnerabilities

Android banking trojan hijacks SMS messages to bypass two-factor authentication

https://www.grahamcluley.com/android-banking-trojan-intercept-sms-messages/

Technical:


MySQL / MariaDB / PerconaDB – privilege escalation / race condition vulnerability; for the Chinese-language advisory, see http://bobao.360.cn/learning/detail/3152.html

http://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html

Multiple RCE vulnerabilities found in Memcached; for the Chinese-language advisory, see http://bobao.360.cn/learning/detail/3151.html

http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html

Pwn A Camera Step by Step (Web ver.)

https://ricterz.me/posts/Pwn%20A%20Camera%20Step%20by%20Step%20%28Web%20ver.%29?_=1477995582564

Brief analysis of the Memcached command execution vulnerabilities (CVE-2016-8704, CVE-2016-8705, CVE-2016-8706)

http://paper.seebug.org/95/

Lifesize Room RCE vulnerability PoC

https://github.com/XiphosResearch/exploits/tree/master/deathsize

GPON FTTH network (in)security

https://pierrekim.github.io/blog/2016-11-01-gpon-ftth-networks-insecurity.html

Solving the GrrCon 2016 DFIR challenge

https://techanarchy.net/2016/10/solving-grrcon-2016-dfir-challenge/

My IoT device testing experience and conclusions

http://cloud101.eu/iot/2016/10/30/iot-my-testing-experience.html

eFront LMS – RCE vulnerability in all versions

http://www.paulosyibelo.com/2016/10/efront-lms-rce-all-versions.html

Kerberoasting Without Mimikatz

http://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/

Kaspersky Q3 report: attacks are increasing and becoming more sophisticated

https://www.scmagazine.com/kaspersky-q3-ddos-report-finds-iot-devices-future-of-attacks/article/570037/

oletools updated

https://github.com/decalage2/oletools

Docker container images for KLEE and angr

https://gist.github.com/moyix/abde48f246a18226f3fc170c5dfc2702

NtObjectManager module for PowerShell released

https://www.powershellgallery.com/packages/NtObjectManager/1.0

Sandbox attack surface analysis tools

https://github.com/google/sandbox-attacksurface-analysis-tools

An introduction to the BruCON network

https://blog.rootshell.be/2016/11/01/debriefing-brucon-network/

Original article link: https://www.anquanke.com/post/id/84829