技术类:
蠕虫通过ftp和http扩散
https://www.guardicore.com/2016/06/the-photominer-campaign/
postgres中间人攻击
https://thusoy.com/2016/mitming-postgres
MS15-106漏洞利用第二部分: JScript ArrayBuffer.slice Memory Disclosure (CVE-2015-6053)
Bears in the Midst: Intrusion into the Democratic National Committee
https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
websocket历险:认证/授权
https://blog.stratumsecurity.com/2016/06/13/websockets-auth/
HTTP Evader:自动防火墙和IDS逃逸测试,分析浏览器行为
渗透测试之路:为什么要参加IACRB培训和认证
CrackMapExec工具的wiki更新
https://github.com/byt3bl33d3r/CrackMapExec/wiki
ritm: ruby编写的中间人劫持代理
https://github.com/argos83/ritm
flash 0day (CVE-2016-4171) 被用于在野攻击
http://wccftech.com/flash-zero-day-vulnerability-exploited-in-the-wild/
重温在PNG IDAT 块中的xss payloads
http://www.adamlogue.com/revisiting-xss-payloads-in-png-idat-chunks/
zCrypt欺诈勒索软件分析
https://blog.malwarebytes.org/threat-analysis/2016/06/zcrypt-ransomware/
How to become the sole owner of your PC.pdf [禁止Intel ME]
发现珍珠:fuzzing ClamAV
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
来自phdays'16会议的ppt: hacking web apps基础教程
https://github.com/cyberpunkych/ph2016
家庭自动化系统的安全性
https://www.ernw.de/download/ERNW_Newsletter_49_SecurityOfHomeAutomationSystems_signed.pdf
导入nmap的扫描结果进nessus
http://securityblog.gr/3457/import-nmap-results-into-nessus/
Linux Kernel ROP – Ropping your way to # (Part 1)
https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP—Ropping-your-way-to—(Part-1)/
解码Angler Exploit Kit
https://pcsxcetrasupport3.wordpress.com/2016/06/11/decoding-angler-exploit-kit/
跟踪地球间谍卫星
http://m.nextgov.com/defense/2016/06/tracking-earths-secret-spy-satellites/129027/?oref=m-ng-river
资讯类:
洛克希德·马丁公司公布内部安全威胁检测的解决方案
三星修复驱动更新工具的另一个设备接管问题
Vawtrack银行木马v2版最近被发现
减少人才缺口,确保未来:思科推出千万网络安全奖学金
http://blogs.cisco.com/security/cisco-10-million-cybersecurity-scholarship
Telegram声明:黑客发现一种方式来发送大量的垃圾消息
http://www.theregister.co.uk/2016/06/14/telegram_crammed_hackers_find_way_to_send_massive_messages/
黑客从汽车,技术,体育论坛中偷取4500万账号
Sixgill 爬行暗网数据,预测网络犯罪
http://techcrunch.com/2016/06/14/sixgill/
DeRay Mckesson的twitter账户被黑,密码是他的名字加4位数字
开源的网络安全linux内核扩展
https://n0where.net/open-source-cybersecurity-linux-kernel-extension-zentables-addons/
数据泄露消息:
navratnabooking.com 网站数据泄露,包含手机号,邮箱,家庭地址
www.golferscard.ae网站数据泄露,包含手机号,邮箱,家庭地址,性别,出生日期,邮编
发表评论
您还未登录,请先登录。
登录