

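Highlights: CVE-2016-0176 vulnerability details, PoC for the PowerShellEmpire arbitrary file upload exploit, C pointer fundamentals, bypassing eBay's XSS protection, VBAMacroPWD: an open-source tool to remove/change/crack Office macro passwords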

Trending topics in China:


The latest version of Windows 10 replaces Command Prompt with PowerShell

Tesla's Easter egg makes the car accelerate faster

Automatically distinguishing criminals from non-criminals based on facial photos

Adups (广升) responds to the firmware backdoor, condemns the reports as inaccurate

News:


NASA's EM Drive paper has been published

http://www.sciencealert.com/it-s-official-nasa-s-peer-reviewed-em-drive-paper-has-finally-been-published

Even with iCloud backup turned off, your iPhone still secretly sends your call history to Apple

http://thehackernews.com/2016/11/icloud-backup.html

Technical:


Video walkthroughs of all tests in the XVWA web vulnerability environment

https://www.youtube.com/playlist?list=PL62Jkhsty0Fe3LuhFAa-QAmYCcHN1R-BG

Simple tricks for threat hunting (part 2)

https://medium.com/@x0rz/threat-hunting-on-simple-tricks-part-2-8d8f6af75335#.yk6d0oigy

Flask: Flux Advanced Security Kernel

https://www.cs.utah.edu/flux/fluke/html/flask.html

CVE-2016-0176 vulnerability details

http://keenlab.tencent.com/en/2016/11/18/A-Link-to-System-Privilege/

PowerShellEmpire arbitrary file upload exploit

http://0day.today/exploit/26353

What everyone should know about C pointers

http://boredzo.org/pointers/

VBAMacroPWD: an open-source tool to remove/change/crack Office macro passwords

https://github.com/waleedassar/VBAMacroPWD

Palo Alto Networks PanOS: root_reboot local privilege escalation vulnerability

https://bugs.chromium.org/p/project-zero/issues/detail?id=913

Analysis of the Fitbit tracker firmware

https://www.freelists.org/post/galileo/Tracker-firmware

Secure state in encrypted callback URLs

http://go-beyond.org/post/encrypted-callback-urls/

ServiceWorker's Link rel=serviceworker leads to botnet-like persistent JS worker

https://bugs.chromium.org/p/chromium/issues/detail?id=662443

VBA syntax in Office documents

http://blog.joesecurity.org/2016/11/generic-vba-instrumentation-for.html

Capturing shortwave signals

http://hackaday.com/2016/11/18/cache-shortwave-signals-for-later-with-this-sdr-spectrum-grabber/

PoisonTap install script

https://gist.github.com/jgamblin/459d7db3b4e8441cc210b35abb5d7181

Tetris heap spraying: spraying the heap on a budget

http://seclists.org/fulldisclosure/2016/Nov/112

Analysis of Zcash

http://www.openwall.com/articles/Zcash-Equihash-Analysis

DNS logging and troubleshooting

https://technet.microsoft.com/en-us/library/dn800669.aspx

Bypassing eBay's XSS protection

http://blog.pentestnepal.tech/post/153333332112/xssonebay

Original article link: https://www.anquanke.com/post/id/84948