热点概要：mysql暗度数据的套路 、从CVE-2016-7644回到CVE-2016-4669、MS14-068域权限提升漏洞总结、Debian 9 ntfs-3g 提权、Spring Boot远程代码执行（老漏洞）

国内热词(以下内容部分摘自http://www.solidot.org/)：

---

GitLab称707位用户丢失数据

因担心黑客纂改荷兰政府宣布用手工计票

Mozilla终止Firefox OS项目，裁掉50名雇员

开工大吉

资讯类：

---

黑客倾销从Cellebrite盗取来的ios破解工具

https://motherboard.vice.com/en_us/article/hacker-dumps-ios-cracking-tools-allegedly-stolen-from-cellebrite

无线电台被黑，重复播放反特朗普的音乐

http://thehackernews.com/2017/02/radio-station-trump-hack.html

技术类：

---

macOS内核安全研究的一个ppt

https://www.zdziarski.com/blog/wp-content/uploads/2017/02/Crafting-macOS-Root-Kits.pdf

Spring Boot远程代码执行（老漏洞）

https://deadpool.sh/2017/RCE-Springs/

G Suite中gmail路由缺陷绕过域验证 

http://blog.pentestnepal.tech/post/156707088037/i-got-emails-g-suite-vulnerability

Windows SMBv3拒绝服务漏洞的更多细节

https://isc.sans.edu/diary/Windows%2BSMBv3%2BDenial%2Bof%2BService%2BProof%2Bof%2BConcept%2B%280%2BDay%2BExploit%29/22029

https://www.bleepingcomputer.com/news/security/smb-zero-day-affects-several-windows-versions-including-windows-10/

mysql暗度数据的套路

https://osandamalith.com/2017/02/03/mysql-out-of-band-hacking/

Debian 9 ntfs-3g 提权

https://www.exploit-db.com/exploits/41240/

webshell渗透引导篇

http://www.hackingarticles.in/web-shells-penetration-testing-beginner-guide/

利用有DRM的视频文件获取客户端真实的ip

https://www.myhackerhouse.com/windows_drm_vs_torbrowser/

Windows环境的渗透测试工具

https://github.com/nccgroup/redsnarf

MacOS /iOS snoop库注入拦截XPC消息

http://newosxbook.com/tools/XPoCe.html

从CVE-2016-7644回到CVE-2016-4669 

http://turingh.github.io/2017/01/15/CVE-2016-7644-%E4%B8%89%E8%B0%88Mach-IPC/

MS14-068域权限提升漏洞总结

https://forum.90sec.org/forum.php?mod=viewthread&tid=10255

“spora”敲诈者木马分析

http://bobao.360.cn/learning/detail/3453.html

Linux – Multi/Dual mode Reverse Shell Shellcode (129 bytes)

https://www.exploit-db.com/exploits/41220/