1. RAMpage攻击解释 – 再次在Android上利用RowHammer！

https://thehackernews.com/2018/06/android-rowhammer-rampage-hack.html

2. Hack the Box – Fulcrum写道

https://dastinia.io/write-up/hackthebox/2018/06/27/hackthebox-fulcrum-writeup/

3. 通过PAM后门和DNS

https://x-c3ll.github.io/posts/PAM-backdoor-DNS/

4. 通过滥用SSL / TLS绕过Web应用程序防火墙

https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html

5. 通过所有ADB宽带网关中的网络文件共享缺陷进行本地根越狱

https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/

6. 高级编程语言开发人员的rust

https://iqdevs.github.io/Rust-for-High-Level-Programming-Language-Developers/

7. ps1中的一个简单的portforwarder

https://github.com/decoder-it/psportfwd

8. 下载Chrome中的炸弹技巧 – 同时影响Firefox，Opera，Vivaldi和Brave

https://www.bleepingcomputer.com/news/security/download-bomb-trick-returns-in-chrome-also-affects-firefox-opera-vivaldi-and-brave/

经测试，POC可使得谷歌浏览器无限下载

9. dumping域密码哈希

https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/

转载请注明：即刻安全 » 每日安全动态（7-4）