http://p6.qhimg.com/t017313015b51e6034e.png


热点概要:Windows权限提升的几种方法eval长度限制绕过 && PHP5.6新特性分析CVE-2016-9131: ISC BIND TKEY Query Response Handling DoS谁是Anna-Senpai,Mirai蠕虫作者?


国内热词(以下内容部分摘自http://www.solidot.org/):


Mozilla发布新品牌标识“Moz://a ”

斯诺登被允许延长在俄罗斯的居留时间

华为举报六名前员工泄密

公安部发布治安管理处罚法修订意见稿,新增处罚宗教歧视等内容


资讯类:


1300w解密的CIA文件在网上发布

http://motherboard.vice.com/read/13-million-pages-of-declassified-cia-documents-crest-archive-were-just-posted-online

Pwn2Own2017 10周年首次引入提权类别,首次以linux为目标

http://blog.trendmicro.com/pwn2own-returns-for-2017-to-celebrate-10-years-of-exploits/

奥巴马更新了CIA处理美国人信息的规则

https://www.nytimes.com/2017/01/18/us/politics/central-intelligence-agency-rules-data-president-obama-cia.html

技术类:


利用华为OTT服务漏洞免费看电视

https://www.linkedin.com/pulse/huawei-ott-vulnerability-free-tv-everyone-nebojsa-terzic

Windows权限提升的几种方法

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

实用的jsonp注入

https://securitycafe.ro/2017/01/18/practical-jsonp-injection/

谁是Anna-Senpai,Mirai蠕虫作者?

https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/

Pwnhub-深入敌后-Writeup

http://www.cnblogs.com/iamstudy/articles/pwnhub_week6_writeup.html

eval长度限制绕过 && PHP5.6新特性

https://www.leavesongs.com/PHP/bypass-eval-length-restrict.html

Adobe Acrobat 强制安装脆弱的chrome插件

https://bugs.chromium.org/p/project-zero/issues/detail?id=1088

分析CVE-2016-9131: ISC BIND TKEY Query Response Handling DoS

http://blog.fortinet.com/2017/01/18/analysis-of-isc-bind-tkey-query-response-handling-dos-cve-2016-9131

揭密EyePyramid事件

http://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-inner-workings-eyepyramid/

Hash Suite Droid开源的哈希破解器

http://hashsuite.openwall.net/android

Oracle的Outside In Technology多出代码执行漏洞

http://blog.talosintel.com/2017/01/oit-multiple-rce.html

Pass the Hash with Ruler

https://sensepost.com/blog/2017/pass-the-hash-with-ruler/

NSA公开AES GCM SIV分析

https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02

Use DNS Rebinding to Bypass IP Restriction

https://ricterz.me/posts/Use%20DNS%20Rebinding%20to%20Bypass%20IP%20Restriction

Android: OOB write in ssp_batch_ioctl

https://bugs.chromium.org/p/project-zero/issues/detail?id=966

匡恩发布2016物联网安全报告

http://www.kuangn.com/upload/file/20170118/8cb49c2f2d6040a8b362a1b52cac34e7.pdf

文章原文链接:https://www.anquanke.com/post/id/85363