5月23日-每日安全知识热点

阅读量    32067 |

分享到: QQ空间 新浪微博 微信 QQ facebook twitter

http://p0.qhimg.com/t01f7ef32da341925d2.jpg

反向工程我住的酒店的一个神秘的UDP流 [最后发现是电梯音乐]

http://wiki.gkbrk.com/Hotel_Music.html

使用USRP B200 + OPENBTS进行GSM/GPRS流量劫持,bladeRF版的在这里https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/may/gsmgprs-traffic-interception-for-penetration-testing-engagements/

sucuri的第一季度的web站点被黑报告

https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf

TCP安全评估报告[虽然2009年的文档,但是依然很好]

https://web.archive.org/web/20090306052826/http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf

HP安全发布的2016年网网络风险报告

http://community.hpe.com/t5/Protect-Your-Assets/A-deep-insight-into-the-people-processes-amp-technology-of/ba-p/6860644

.dvalloc windbg/cdb 分配内存rwx权限,轻松用于SHELLCODE分析

https://msdn.microsoft.com/en-us/library/windows/hardware/ff562434(v=vs.85).aspx

恶意软件的秘密: JS/Nemucod下载者为什么下载合法的NOTEPAD++ [经过对比vt上的分析,有可能是本地测试目的]

https://blogs.mcafee.com/mcafee-labs/malware-mystery-jsnemucod-downloads-legitimate-installer/

RTF恶意软件如何逃逸静态检测

https://www.fireeye.com/blog/threat-research/2016/05/how_rtf_malware_evad.html

用于打CTF的工具包,用于轻松开发exploit,解决ctf关卡

https://github.com/edibledinos/pwnypack

VulnOS 2 Writeup

https://gknsb.blogspot.tw/2016/05/vulnos-2-writeup.html

QuantumInject :用python编写的包注入和检测工具

https://github.com/zare3/QuantumInject

隐藏在joomla核心文件database.php 中的preg_replace /e 后门

https://blog.sucuri.net/2016/05/unexpected-backdoor-fake-core-files.html

Hackpad的Content Spoofing bug [危害低]

http://shield4you.blogspot.tw/2016/05/dropbox-acquisition-download-any.html

Docker安全测试

https://medium.com/@alexeiled/docker-security-testing-3545e7493843#.5202cfsfx

从全栈HACKER防护云安全的PPT

https://speakerdeck.com/silvexis/defending-the-cloud-from-the-full-stack-hack-source-boston-2016

阻止用户终止你的服务或进程的c#脚本

https://gist.github.com/subTee/9808dd07493601cb30fc97bdbe832f71

CVE-2016-0288:AppScan 的xxe漏洞

http://www-01.ibm.com/support/docview.wss?uid=swg21980055

将telegram打造成CC平台

https://blog.blazeinfosec.com/bt2-leveraging-telegram-as-a-command-control-platform/

TOTP SSH port fluxing

https://blog.benjojo.co.uk/post/ssh-port-fluxing-with-totp

k3chang活动重新启用tidepool恶意软件

http://researchcenter.paloaltonetworks.com/2016/05/operation-ke3chang-resurfaces-with-new-tidepool-malware/

正则表达式调试

https://eigenstate.org/notes/regex-debug

Hipster DFIR on OSX –

https://speakerdeck.com/sroberts/hipster-dfir-on-osx-bsidescincy

2016 DEF CON Qualifier Challenges CTF 所有关卡题目

https://github.com/legitbs/quals-2016

分享到: QQ空间 新浪微博 微信 QQ facebook twitter
|推荐阅读
|发表评论
|评论列表
加载更多