http://p6.qhimg.com/t017313015b51e6034e.png


热点概要:Debian(ubuntu)发行版的nginx本地提权漏洞、修改AtomBombing,注入代码到CGF保护的进程、用于检测网站使用的开源项目的detectem工具、BlackNurse攻击的POC、您可以通过按输入键70秒绕过Linux磁盘加密验证

国内热词:


中国消费者协会要求苹果调查手机异常关机

特朗普胜选后ProtonMail注册量翻了一番

俄罗斯新法案将优先考虑使用自由软件

AdultFriendFinder成人社交4亿账号曝光

Google和Facebook限制虚假新闻网站使用其广告服务

资讯类:


您可以通过按输入键70秒绕过Linux磁盘加密验证

http://www.bleepingcomputer.com/news/security/you-can-bypass-linux-disk-encryption-authentication-by-pressing-the-enter-key-for-70-seconds/

技术类:


DeGuard | apk-deguard 在线APK反混淆工具  

http://www.apk-deguard.com/

Metasploitable3虚拟机测试环境放出

https://community.rapid7.com/community/metasploit/blog/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3

HackTheVote挑战,源码,安装步骤,writeup放出

https://github.com/RPISEC/HackTheVote

修改AtomBombing注入代码到CGF保护的进程(包含POC)

https://breakingmalware.com/injection-techniques/atombombing-cfg-protected-processes/

绕过"Mixed Content"警告,在安全页面载入不安全的内容

https://www.brokenbrowser.com/loading-insecure-content-in-secure-pages/

BSidesCHS 2016安全会议视频

https://www.youtube.com/playlist?list=PLsEd7GTJqlRC-2GyQmaFMcSLzWFGnbN4-

在Fedora的桌面环境下的Chrome由于风险设计导致能够drive-by downloads攻击

https://scarybeastsecurity.blogspot.co.uk/2016/11/0day-poc-risky-design-decisions-in.html

CVE-2016-1247:Debian(ubuntu)发行版的nginx本地提权漏洞,中文预警参考http://bobao.360.cn/learning/detail/3195.html

http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html

数字公民的数字证书

http://heinrichhartmann.com/2016/11/15/A-Ditigal-Passport-for-Digital-Citizens.html

对detectem的介绍:一个新的开源项目,用于检测网站使用的软件

http://www.spect.cl/blog/2016/11/introducing-detectem/

对瘦客户端应用的评估,逆向和解密数据库信用凭证(系列1到10)

http://resources.infosecinstitute.com/practical-thick-client-application-penetration-testing-using-damn-vulnerable-thick-client-app-part-1/#article

paloaltonetworks的报告:Exploit Kits Exposed: Automated Attacks at Scale

https://www.paloaltonetworks.com/resources/research/exploit-kits

BlackNurse 攻击的POC

https://github.com/jedisct1/blacknurse

最新的可靠andorid内核root利用技术

http://powerofcommunity.net/poc2016/x82.pdf 

新的Carbanak / Anunak攻击方法

https://www.trustwave.com/Resources/SpiderLabs-Blog/New-Carbanak-/-Anunak-Attack-Methodology/

Netgear EX7000 Wi-Fi 路由器的XSS漏洞

https://www.pentestpartners.com/blog/netgear-ex7000-wi-fi-range-extender-minor-xss-and-poor-password-handling/

文章原文链接:https://www.anquanke.com/post/id/84919