6月6日-每日安全知识热点

http://p0.qhimg.com/t01f7ef32da341925d2.jpg

http://brutelogic.com.br/blog/shortest-reflected-xss-possible/

尽可能短的反射XSS payload

http://teletext.zaibatsutel.net/post/145370716258/deadupdate-or-how-i-learned-to-stop-worrying-and

Asus LiveUpdate HTTP中间人导致任意代码执行

https://www.farsightsecurity.com/Blog/20160603-stsauver-ddos-sie-darkspace-1/

分析一起DNS反射DOS攻击

http://researchcenter.paloaltonetworks.com/2016/06/unit42-understanding-angler-exploit-kit-part-1-exploit-kit-fundamentals/

了解angler exploitkit,第一部分

http://0day.today/exploit/25398

Nagios XI 5.2.7 代码执行/提权/SQL注入漏洞

http://pastebin.com/LpyiP3RF

hashcat 3.00 beta发行,这是运行在不同设备上的测试报告

https://blog.sucuri.net/2016/06/magento-credit-card-stealer-braintree-extension.html

用于Magento信用卡盗取的Braintree 扩展

http://www.gironsec.com/blog/2016/06/backdooring-a-dll/

Backdooring a DLL

http://samvartaka.github.io/exploitation/2016/06/03/dead-rats-exploiting-malware

利用malware C2服务

https://drive.google.com/file/d/0Bz8Lmg2kodQiRXYwWVpGNXQtdG5hNG5GaDFFNF9UNXp4UXo4/view?pref=2&pli=1

使用Erlang写exploit

http://streamcode.io/intro-bot-framework-building-weather-bot/

介绍bot Framework,构造一个天气bot

http://blog.trailofbits.com/2016/06/03/2000-cuts-with-binary-ninja/

2000 cuts with Binary Ninja

https://github.com/OJ/gobuster

用go语言实现的目录/DNS爆破工具

https://github.com/IAIK/flush_flush

Flush+Flush 缓存攻击,文章以及代码

https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml

APT Groups and Operations cheatsheet

http://www.hackingarticles.in/hack-gmail-facebook-password-network-using-bettercap/

使用中间人工具bettercap劫持facebook和GMAIL登陆密码

https://bugs.chromium.org/p/project-zero/issues/detail?id=735#c_ts1464970450

Linux io_submit L2TP sendmsg 整形溢出

https://github.com/Gh005t/Android-BruteForce?platform=hootsuite

当USB Debugging开启的时候暴力破解Android锁屏的工具

https://github.com/Droid-MAX/bully

android上的WPS攻击工具

http://andrewmohawk.com/2016/06/05/hackfu-2016-writeup/

HackFu 2016 Writeup

https://labs.portcullis.co.uk/blog/powerops-powershell-for-offensive-operations/?platform=hootsuite

PowerOPS: PowerShell for Offensive Operation

本文由 360安全播报 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/news/detail/3132.html

保险业信息安全意识培养电子课件受欢迎

猜您喜欢

让你惊出一身冷汗的10个社会工程学黑客攻击手段
保密費等同於競業限制的經濟補償嗎? http://news.keepred.cn/20160604652.html
勿让网络安全人才培养走“中国足球”的老路
安全月安全生产教育动画片——小李的一天
SOLIDTIMEPASS WBS
您认为保护企业信息安全是谁的责任?