热点概要:用于创建后门的Python包、win7粘滞键后门、车联网安全:CAN协议分析、SMBLoris:Windows拒绝服务metasploit模块、Microsoft Windows – LNK Shortcut File Code Execution、ACCESS无select SQL注入、Marcus Hutchins(MalwareTech)被保释,但不能离开美国
国内热词(以下内容部分摘自http://www.solidot.org/ ):
WannaCry 勒索到的比特币被兑换成门罗币
东亚国家的 HTTPS 普及度较低
资讯类:
Marcus Hutchins(MalwareTech)被保释,但不能离开美国
http://thehackernews.com/2017/08/malwaretech-marcus-hutchins.html
MISP 2.4.78发布了一个重要的安全修复程序,用于共享组,多个bug修复和新的API功能
https://www.misp-project.org/2017/08/06/MISP.2.4.78.released.html
技术类:
用于创建后门的Python包
https://0x00sec.org/t/a-python-package-for-creating-backdoors/3170
ANGRYPUPPY(Cobalt Strike框架的工具)介绍
https://www.mdsec.co.uk/2017/08/introducing-angrypuppy/
win7粘滞键后门
http://3xp10it.cc/web/2017/08/03/win7%E7%B2%98%E6%BB%9E%E9%94%AE%E5%90%8E%E9%97%A8/
使用Hover改善Android用户输入的保密性
Microsoft图标显示错误允许攻击者使用特殊图标伪装PE文件
将XSS转化为RCE
https://blog.doyensec.com/2017/08/03/electron-framework-security.html
Keybase浏览器扩展安全问题解析
https://www.grepular.com/Keybase_Browser_Extension_Insecure
车联网安全:CAN协议分析
https://www.hackers-arise.com/single-post/2017/08/04/Automobile-Hacking-Part-1-The-CAN-Protocol
setattrlist()iOS内核漏洞分析
https://www.antid0te.com/blog.html
胖客户端测试Java反序列化导致RCE
http://blog.securelayer7.net/thick-client-penetration-testing-3javadeserialization-exploit-rce/
DEF CON 2017回顾
http://dttw.tech/posts/rJHDh3RLb
radare2(gdb-peda的替代品)介绍
https://monosource.github.io/2016/10/radare2-peda
SSRF Tips
http://blog.safebuff.com/2016/07/03/SSRF-Tips/
一个针对渗透测试工程师、安全研究员的学习资源收集汇总
https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md
如何自制Boot Loader
https://www.codeproject.com/Articles/36907/How-to-develop-your-own-Boot-Loader
Reverse-engineering of the cryptanalytic attack used in the Flame super-malware
https://eprint.iacr.org/2016/298.pdf
ACCESS无select SQL注入
https://forum.90sec.org/forum.php?mod=viewthread&tid=10663
自动逆向工程恶意软件仿真器
http://www.ict-forward.eu/media/workshop2/presentations/lee-re-malware-emulators.pdf
SMBLoris:Windows拒绝服务metasploit模块
https://github.com/rapid7/metasploit-framework/pull/8796
Microsoft Windows – LNK Shortcut File Code Execution
https://www.exploit-db.com/exploits/42429/
PhEmail:基于Python的开源邮件钓鱼工具
发表评论
您还未登录,请先登录。
登录