【知识】11月10日 - 每日安全知识热点

热点概要：维基解密放出CIA Hive源代码、CVE-2017-16642基于堆的缓冲区溢出漏洞、Hyper-V安全从0到1、IoT开发——NanoPi NEO 2、针对C#编译器的DoS攻击、动态生成PDF中的漏洞——XSS与本地文件读取的结合、VirtualBox远程DoS漏洞分析。

 

 

 

 

资讯类：

 

 

 

 

 

 

 

谷歌分析钓鱼是比键击记录器和密码复用更严重的威胁

https://www.bleepingcomputer.com/news/security/google-ranks-phishing-above-keyloggers-and-password-reuse-as-bigger-threat-to-users/

 

维基解密放出CIA Hive源代码

https://thehackernews.com/2017/11/cia-hive-malware-code.html

 

CVE-2017-16642基于堆的缓冲区溢出漏洞

http://www.securityfocus.com/bid/101745

 

 

 

技术类：

 

 

 

 

 

 

 

 

Hyper-V安全从0到1

https://bbs.pediy.com/thread-222626.htm

 

IE11 jscript的UAF漏洞

https://bugs.chromium.org/p/project-zero/issues/detail?id=1340

 

Hitcon 2017 Writeup

https://tradahacking.vn/hitcon-2017-ghost-in-the-heap-writeup-ee6384cd0b7

 

非HTTPS网站黑名单

https://blog.sucuri.net/2017/05/non-https-websites-blacklisted-for-passwords-without-ssl.html

 

基于Radare的Android APK分析

https://github.com/mhelwig/apk-anal

 

Drexel One API逆向工程

https://medium.com/@tomershemesh/reverse-engineering-the-drexel-one-api-370a560afedf

 

教你编写x86-64 JIT编译器

https://csl.name/post/python-jit/

 

IoT开发——NanoPi NEO 2

https://mzyy94.com/blog/2017/11/10/nanopineo2-homekit/

 

针对C#编译器的DoS攻击

http://mattwarren.org/2017/11/08/A-DoS-Attack-against-the-C-Compiler/

 

 

动态生成PDF中的漏洞——XSS与本地文件读取的结合

 

http://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html

 

VirtualBox远程DoS漏洞分析

https://unimplemented.org/vbox-cve2016-5608-analysis.html

 

iOS与iCloud的取证分析

https://blog.elcomsoft.com/2017/11/the-art-of-ios-and-icloud-forensics/

 

AWS安全总览 第二部分

http://sysforensics.org/2017/11/aws-security-overview-part-ii-iam/

 

攻击.NET序列化

https://speakerdeck.com/pwntester/attacking-net-serialization

 

Toast Overlay攻击

http://blog.trendmicro.com/trendlabs-security-intelligence/toast-overlay-weaponized-install-android-malware-single-attack-chain/