【知识】3月23日 - 每日安全知识热点

热点概要：DoubleAgent技术：0day代码注入和持久化、简单绕过PowerShell约束语言模式、使用Punycode和homoglyphs模糊URL、IOS安全指南、Python Pickle的任意代码执行漏洞实践和Payload构造、JIT 编译的风险：第二部分、0ctf2017 Kernel Pwnable – note

国内热词(以下内容部分摘自http://www.solidot.org/)：

---

中国公司统治 Pwn2Own 2017

Google 宣布 Android O 开发者预览版

苹果: 红色iPhone7在中国不提艾滋病

资讯类：

---

黑客声称至少控制了2亿iCloud 账户，要么交赎金要么就抹掉设备

http://www.news.com.au/technology/online/hacking/hackers-threaten-to-wipe-200-million-icloud-accounts-unless-apple-pays-ransom/news-story/efc53517cce9f030a14cb38b4bf34cf8

技术类：

---

DoubleAgent技术：0day代码注入和持久化

https://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/

Winnti组织利用GitHub进行C＆C通信

http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/

SAVE:社会工程学

http://www.fak.dk/publikationer/Documents/Project%20SAVE.pdf

简单绕过PowerShell约束语言模式

https://pentestn00b.wordpress.com/2017/03/20/simple-bypass-for-powershell-constrained-language-mode/

inVtero.net：内存扫描取证，Gargoyle memory 开源的工具

https://github.com/ShaneK2/inVtero.net

使用Punycode和homoglyphs模糊URL

http://www.irongeek.com/i.php?page=security/out-of-character-use-of-punycode-and-homoglyph-attacks-to-obfuscate-urls-for-phishing

[算法系列]学点算法搞安全之SVM

https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&mid=2247483856&idx=1&sn=99e6626f4c86702594de374db499f388&chksm=976e77a1a019feb7f97f3966bbba07bd561fb4f4069b5ed386ac134906e9a86ca28ec03c843f&mpshare=1&scene=1&srcid=0322jI3bd1v4yEq8xPfKFwSA&key=60fe7ed

Sucuri加入GoDaddy

https://blog.sucuri.net/2017/03/godaddy-sucuri-building-a-security-platform-for-every-website-owner.html

Python Pickle的任意代码执行漏洞实践和Payload构造

http://www.polaris-lab.com/index.php/archives/178/

IOS安全指南

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

渗透测试 Node.js 应用

https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282293&idx=1&sn=8f6953d2629eedc2ebefe8f119528890&scene=0#wechat_redirect

FAME：恶意软件自动化评估分析工具

https://github.com/certsocietegenerale/fame

0ctf2017 Kernel Pwnable – note

https://github.com/lovelydream/0ctf2017_kernel_pwn

如何获取攻击基础设施的隐私保护指标，最终找到数据

https://blog.domaintools.com/2017/03/hunt-case-study-hunting-campaign-indicators-on-privacy-protected-attack-infrastructure/

Kaitai Struct v0.7发布

http://kaitai.io/news/2017-03-22.html

JIT 编译的风险：第二部分

http://eli.thegreenplace.net/2017/adventures-in-jit-compilation-part-2-an-x64-jit/