1月10日安全热点–微软一月安全公告解读

阅读量209666

发布时间 : 2018-01-10 11:10:51

资讯类

微软一月安全公告解读

https://blog.talosintelligence.com/2018/01/ms-tuesday.html

https://www.zerodayinitiative.com/blog/2018/1/9/the-january-2018-security-update-review

 

Spectre 和Meltdown对WebKit意味着什么?

https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/

 

关于微软对Meltdown漏洞的补丁,杀软厂商以及广大用户

https://doublepulsar.com/important-information-about-microsoft-meltdown-cpu-security-fixes-antivirus-vendors-and-you-a852ba0292ec

 

物联网僵尸网络C&C服务器数量在2017年翻了一番
https://www.bleepingcomputer.com/news/security/the-number-of-iot-botnet-candc-servers-doubled-in-2017/

 

Tor 0.3.2.9发布,现支持下一代onoion服务协议,增加了许多安全更新
https://blog.torproject.org/tor-0329-released-we-have-new-stable-series

 

Microsoft Pauses Rollout of Spectre and Meltdown Patches To AMD Systems
https://betanews.com/2018/01/09/microsoft-paused-meltdown-spectre-patch-rollout/

 

技术类

WEBVIEW跨源攻击分析

http://blogs.360.cn/360mobile/2014/09/22/webview%E8%B7%A8%E6%BA%90%E6%94%BB%E5%87%BB%E5%88%86%E6%9E%90/

 

漏洞聚焦:CPP和Parity Ethereum客户端中的多个漏洞
http://blog.talosintelligence.com/2018/01/vulnerability-spotlight-multiple.html

 

[dos] Microsoft Windows – ‘nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues)’ 内核栈内存泄露
https://www.exploit-db.com/exploits/43470/

 

一个生成带有subdoc payload文档的工具
https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/ms-office/subdoc-injector/subdoc_injector.py

https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-subdoc/

 

BlackWidow : 一个基于python的web爬虫,用于从目标网站收集子域名,URL,动态参数,电子邮件地址和电话号码

https://github.com/1N3/BlackWidow

https://www.youtube.com/watch?v=mch8ht47taY

 

HttpLive:不依赖后端程序的HTTP请求/响应的开发测试工具
https://github.com/gencebay/httplive

 

[local] Microsoft Windows – Local XPS Print Spooler Sandbox Escape
https://www.exploit-db.com/exploits/43465/

 

“Web Application Firewall (#WAF) Evasion Techniques”:
https://medium.com/secjuice/waf-evasion-techniques-718026d693d8

https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0

 

逆向与汇编入门教程
http://kakaroto.homelinux.net/2017/11/introduction-to-reverse-engineering-and-assembly/

 

The Intel 80×86 Processor Architecture : Pitfalls for Secure Systems :
https://pdfs.semanticscholar.org/2209/42809262c17b6631c0f6536c91aaf7756857.pdf

 

[dos] Android – Inter-Process munmap due to Race Condition in ashmem
https://www.exploit-db.com/exploits/43464/

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/43464.zip

 

Intel Smart Cache Technology Animation
https://www.youtube.com/watch?v=bE9EbQOeb_U

 

AWS-Scanner:Scans a list of websites for Cloudfront or S3 Buckets
https://github.com/random-robbie/AWS-Scanner/

本文由77caikiki原创发布

转载,请参考转载声明,注明出处: https://www.anquanke.com/post/id/94240

安全KER - 有思想的安全新媒体

分享到:微信
+10赞
收藏
77caikiki
分享到:微信

发表评论

Copyright © 北京奇虎科技有限公司 三六零数字安全科技集团有限公司 安全KER All Rights Reserved 京ICP备08010314号-66