1. RAMpage攻击解释 – 再次在Android上利用RowHammer!
https://thehackernews.com/2018/06/android-rowhammer-rampage-hack.html
2. Hack the Box – Fulcrum写道
https://dastinia.io/write-up/hackthebox/2018/06/27/hackthebox-fulcrum-writeup/
3. 通过PAM后门和DNS
https://x-c3ll.github.io/posts/PAM-backdoor-DNS/
4. 通过滥用SSL / TLS绕过Web应用程序防火墙
https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html
5. 通过所有ADB宽带网关中的网络文件共享缺陷进行本地根越狱
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/
6. 高级编程语言开发人员的rust
https://iqdevs.github.io/Rust-for-High-Level-Programming-Language-Developers/
7. ps1中的一个简单的portforwarder
https://github.com/decoder-it/psportfwd
8. 下载Chrome中的炸弹技巧 – 同时影响Firefox,Opera,Vivaldi和Brave
https://www.bleepingcomputer.com/news/security/download-bomb-trick-returns-in-chrome-also-affects-firefox-opera-vivaldi-and-brave/
经测试,POC可使得谷歌浏览器无限下载
9. dumping域密码哈希
https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/
转载请注明:即刻安全 » 每日安全动态(7-4)