6月2日-每日安全知识热点

http://esevece.github.io/2016/06/01/taking-over-heroku-accounts.html

接管Heroku账号

https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/june/container_whitepaperpdf/

linux容器的权限和非权限的滥用

https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/

通过中间人攻击,可以在keepass更新时,获取明文

http://blog.talosintel.com/2016/06/ropmemu.html

ROPMEMU:分析代码重用攻击的框架

https://grsecurity.net/SSTIC2016.pdf

SSTIC 2016 KEYNOTE

http://www.phdays.com/program/

phdays会议PPT开始提供下载

https://github.com/ANSSI-FR/polichombr

polichombr:恶意软件协同分析框架

https://github.com/wg/arc

用GO编写的安全文件打包程序

https://github.com/gentilkiwi/mimikatz/releases

mimikatz 20160602 (oe.eo) edition 发行

https://adaclscan.codeplex.com/

ADACLScan4.3.ps1 发行

https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/

如果在flash文件中寻找xss漏洞

https://cyber-defense.sans.org/blog/2016/06/01/powershell-function-to-send-udp-syslog-message-packets

使用powershell发送udp syslog消息包

https://blogs.technet.microsoft.com/windowsserver/2016/05/26/securing-privileged-access-preventing-and-detecting-attacks/

为什么说权限访问重要:阻止和检测攻击

http://bitcoinist.net/sandjacking-ios-bitcoin-ethereum/

Sandjacking ios利用威胁比特币钱包

https://isc.sans.edu/diary/21123

针对DSHELL的网络取证第二部分

http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php/

MongoDB安全,php中的注入攻击

http://www.slideshare.net/phdays/ss-62570233

WAF绕过

本文由 360安全播报 原创发布，如需转载请注明来源及本文地址。本文地址：http://bobao.360.cn/news/detail/3121.html