Home  >  Article  >  Backend Development  >  6月2日-每日安全知识热点

6月2日-每日安全知识热点

WBOY
WBOYOriginal
2016-06-20 12:26:521177browse

http://esevece.github.io/2016/06/01/taking-over-heroku-accounts.html

接管Heroku账号

https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/june/container_whitepaperpdf/

linux容器的权限和非权限的滥用

https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/

通过中间人攻击,可以在keepass更新时,获取明文

http://blog.talosintel.com/2016/06/ropmemu.html

ROPMEMU:分析代码重用攻击的框架

https://grsecurity.net/SSTIC2016.pdf

SSTIC 2016 KEYNOTE

http://www.phdays.com/program/

phdays会议PPT开始提供下载

https://github.com/ANSSI-FR/polichombr

polichombr:恶意软件协同分析框架

https://github.com/wg/arc

用GO编写的安全文件打包程序

https://github.com/gentilkiwi/mimikatz/releases

mimikatz 20160602 (oe.eo) edition 发行

https://adaclscan.codeplex.com/

ADACLScan4.3.ps1 发行

https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/

如果在flash文件中寻找xss漏洞

https://cyber-defense.sans.org/blog/2016/06/01/powershell-function-to-send-udp-syslog-message-packets

使用powershell发送udp syslog消息包

https://blogs.technet.microsoft.com/windowsserver/2016/05/26/securing-privileged-access-preventing-and-detecting-attacks/

为什么说权限访问重要:阻止和检测攻击

http://bitcoinist.net/sandjacking-ios-bitcoin-ethereum/

Sandjacking ios利用威胁比特币钱包

https://isc.sans.edu/diary/21123

针对DSHELL的网络取证第二部分

http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php/

MongoDB安全,php中的注入攻击

http://www.slideshare.net/phdays/ss-62570233

WAF绕过

本文由 360安全播报 原创发布,如需转载请注明来源及本文地址。本文地址:http://bobao.360.cn/news/detail/3121.html

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn