【知识】7月7日 - 每日安全知识热点

热点概要：Pwn2Own：Safari 沙箱逃逸(part 1、part 2和PoC)、PHP通用gadget链：在未知环境中利用反序列化对象、BadGPO – 利用组策略对象保持持久性和横向运动的、BIND安全绕过漏洞CVE-2017-3143分析、基于碰撞的哈希算法、Apache CVE-2017-7659漏洞重现及利用分析、利用"Hearthstone"逃逸VMware 、利用一个堆溢出漏洞实现VMware虚拟机逃逸

资讯类：

维基解密披露CIA植入窃取SSH凭证 

http://thehackernews.com/2017/07/ssh-credential-hacking.html

技术类：

Pwn2Own：Safari 沙箱逃逸(part 1、part 2和PoC)

https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc

https://phoenhex.re/2017-07-06/pwn2own-sandbox-escape 

https://github.com/phoenhex/files/tree/master/exploits/safari-sbx

LovenseIOT情趣玩具的漏洞分析

http://elladodelnovato.blogspot.com.es/2017/07/understanding-and-breaking-internet-of.html

BIND安全绕过漏洞CVE-2017-3143分析

http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf

BadGPO – 利用组策略对象保持持久性和横向运动的

http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_052_Willi_GPO.pdf

Apache CVE-2017-7659漏洞重现及利用分析

http://www.freebuf.com/vuls/139042.html

FakeNet-NG：下一代动态网络分析工具

https://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html

PHP通用gadget链：在未知环境中利用反序列化对象

https://www.ambionics.io/blog/php-generic-gadget-chains

基于碰撞的哈希算法披露

https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/

pineapple-101：模块审计与测试（第1部分）

https://medium.com/@edelpeon_33472/pineapple-101-modules-review-and-testing-part-1-c2afebba6ba0

Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike

https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/

利用一个堆溢出漏洞实现VMware虚拟机逃逸

https://zhuanlan.zhihu.com/p/27733895

http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/

PDF Tricks

https://github.com/corkami/docs/blob/master/PDF/PDF.md

很不错的一个UAF漏洞讲解

https://www.purehacking.com/blog/lloyd-simon/an-introduction-to-use-after-free-vulnerabilities

了解macOS上的恶意木马–OSX/Dok

http://bobao.360.cn/learning/detail/4071.html

从形式化方法、程序分析到数据分析–二进制漏洞检测实例

http://www.edu.cn/xxh/spkt/aq/201707/t20170706_1538333.shtml

Vulnerability-Exploit-Fuzz-Mitigation 漏洞利用与挖掘思维导图

https://github.com/SilverMoonSecurity/Security-misc

学习和使用TheHive＆Cortex

https://blog.thehive-project.org/2017/07/06/train-till-you-drain-thehive-cortex-vm/

PHP命令注入和参数注入

http://www.afolgado.com/2017/06/10/phpcommandiargumenti/

利用MSXSL ByPass AppLocker

https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/

ReFS弹性文件系统（Microsoft开发的新的文件系统）的深入分析

http://mo.morsi.org/blog/2014/09/13/ReFS_All_Your_Resilience_Are_Belong_To_Us/ 

http://mo.morsi.org/blog/2014/11/02/ReFS_Part_II_May_the_Resilience_Be_With_You/ 

http://mo.morsi.org/blog/2017/07/05/refs-part-iii-back-to-the-resilience/

careers.twitter.com的一个绕过CSP的XSS

https://medium.com/@tbmnull/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5

商业版Skype的xss

https://blogs.securiteam.com/index.php/archives/3269

CSW2017中360Marvel Team的paper：利用"Hearthstone"逃逸VMware

https://cansecwest.com/slides/2017/CSW2017_QinghaoTang_XinleiYing_vmware_escape.pdf