热点概要:Ticketbleed:F5 BIG-IP设备TLS/SSL堆栈漏洞(CVE-2016-9244)、利用Node.js反序列化的漏洞执行远程代码、Microsoft Office Word 恶意宏执行、未修补的jQuery Mobile XSS、看我如何利用Self-XSS、Angular CSP策略绕过
国内热词(以下内容部分摘自http://www.solidot.org/):
Linux kernel 3.18 LTS释出3.18.48,终止支持
编程将是下一个蓝领工作
RAP发布星球上最强内核CFI实现
美国国土安全部表示可能会要求外国游客交出社交网络密码
资讯类:
五款反监控工具,可以帮助您提高在线安全和隐私
http://securityaffairs.co/wordpress/56115/digital-id/5-anti-surveillance-tools-privacy.html
Google将对Play应用商店缺少有效隐私权政策的APP进行处罚
http://www.zdnet.com/article/google-plans-purge-of-play-store-apps-without-privacy-policies/
技术类:
Github & CSRF 组合入企业内网的案例
https://www.secpulse.com/archives/55359.html
XSSMas Challenge 2016 WriteUp
https://github.com/cure53/XSSChallengeWiki/wiki/XSSMas-Challenge-2016
Invoke-Vnc:一个powershell vnc注入工具
https://github.com/artkond/Invoke-Vnc
Remote Exploit. Shellcode without Sockets
https://0x00sec.org/t/remote-exploit-shellcode-without-sockets/1440
Angular CSP策略绕过
https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5
未修补的jQuery Mobile XSS
http://sirdarckcat.blogspot.com/2017/02/unpatched-0day-jquery-mobile-xss.html
看我如何利用Self-XSS
http://www.geekboy.ninja/blog/airbnb-bug-bounty-turning-self-xss-into-good-xss-2/
逆向8008微处理器的ALU(算术逻辑单元)
http://www.righto.com/2017/02/reverse-engineering-surprisingly.html
Kudelski X41 Wire Report
https://www.x41-dsec.de/reports/Kudelski-X41-Wire-Report-phase1-20170208.pdf
LG的lgdrmserver binder服务中的多个条件竞争漏洞
https://bugs.chromium.org/p/project-zero/issues/detail?id=986
在线实时的正则表达式工具
Linux/x86 – Reverse TCP Alphanumeric Staged Shellcode (103 bytes)
https://www.exploit-db.com/exploits/41282/
Microsoft Office Word 恶意宏执行
https://cxsecurity.com/issue/WLB-2017020086
利用Node.js反序列化的漏洞执行远程代码
https://www.exploit-db.com/docs/41289.pdf
通过JMX访问破坏Apache Tomcat(zh)
http://bobao.360.cn/learning/detail/3478.html
Ticketbleed:F5 BIG-IP设备TLS/SSL堆栈漏洞(CVE-2016-9244)