3月28日-每日安全知识热点

阅读量    30569 |

分享到: QQ空间 新浪微博 微信 QQ facebook twitter

http://p0.qhimg.com/t01f7ef32da341925d2.jpg

1、OpenMeetings远程代码执行漏洞

http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code

2、积极主动的防御恶意欺诈勒索软件(通过设置文件权限,挂载点)

http://www.freeforensics.org/2016/03/proactively-reacting-to-ransomware.html

3、对Troyano恶意欺诈软件的简单分析

http://nyxbone.com/malware/Troldesh.html


4、eMMC后门漏洞被用来解锁Galaxy S5的Bootloader

http://theroot.ninja/disclosures/SAMDUNK_1.0-03262016.pdf


5、一些渗透/安全方面的cheatsheet

https://github.com/jshaw87/Cheatsheets


6、用于收集攻击者对服务(ftp, telnet, ssh, http, pop3 and smtp)暴力破解攻击字典的蜜罐

https://github.com/johnnykv/heralding


7、EMV协议fuzzer

https://labs.mwrinfosecurity.com/system/assets/1137/original/MWR_InfoSecurity_POS_Fuzzer_v1_summary.pdf


8、如何从利用yahoo域下载恶意文件

http://shield4you.blogspot.tw/2016/03/how-i-able-to-download-any-malicious.html


9、收集的一些恶意软件样本

https://github.com/malwares/DangerousZone?platform=hootsuite


10、Windows Research Kernel

https://github.com/hacksysteam/WRK-1.2


11、路径拦截( path interception)技术

http://www.hexacorn.com/blog/2016/03/26/beyond-good-ol-run-key-part-37/


12、Caradoc:一个PDF解析和验证工具

https://github.com/ANSSI-FR/caradoc


13、7个经典的SQL SERVER安全提示

http://thelasttechie.com/2016/03/26/seven-essential-sql-server-security-tips/


14、透过空气hacking GSM

https://blog.kaspersky.com/gsm-hijacking/11660/


15、Retya恶意欺诈软件覆写你的MBR和MFT加密你的磁盘

http://www.bleepingcomputer.com/news/security/petya-ransomware-skips-the-files-and-encrypts-your-hard-drive-instead/


16、Fortigate后门密码计算工具

https://packetstormsecurity.com/files/136430/Forsploit.py.txt


17、当我们在spatialos上模拟骨干网络的时候发现了什么

http://improbable.io/2016/03/24/what-we-found-when-we-simulated-the-backbone-of-the-entire-internet-on-spatialos


18、恶意PAYLOAD隐藏在PNG文件中

https://securelist.com/blog/virus-watch/74297/png-embedded-malicious-payload-hidden-in-a-png-file/


19、分析ANDROID。GOLEM下载组件

https://www.pnfsoftware.com/blog/analysis-of-android-golem-downloader-component/


20、SyScan3602016会议议题:Memory Corruption is for wussies.pdf

http://go.sentinelone.com/rs/327-MNM-087/images/SyScan360%20SG%202016%20-%20Memory%20Corruption%20is%20for%20wussies.pdf


21、编写CLAM AV 0.99的签名

http://malwarefor.me/writing-signatures-for-clam-av-0-99-a-tutorial/


22、钓鱼黑客:Linux服务器攻击的分析

https://sysdig.com/blog/fishing-for-hackers/


23、我如何渗透的4%(已经被锁定)的Instagram账号

https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/


24、通过内部和遗留的API检测wine

http://www.hexacorn.com/blog/2016/03/27/detecting-wine-via-internal-and-legacy-apis/

分享到: QQ空间 新浪微博 微信 QQ facebook twitter
|推荐阅读
|发表评论
|评论列表
加载更多