资讯类
360威胁情报中心:现代CPU中的预测执行和乱序执行相关机制漏洞通告
https://mp.weixin.qq.com/s/e_ASsDJAZ9m6wFTF865yXA
投机之殇——解说史上最大CPU漏洞
VMSA-2018-0001:VMware安全公告
https://www.vmware.com/security/advisories/VMSA-2018-0001.html
ESA-2018-001:Dell安全公告
受影响产品:
EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0 EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x EMC Integrated Data Protection Appliance 2.0
CVE-2017-15548:认证绕过漏洞;CVE-2017-15549:任意文件上传漏洞;CVE-2017-15550:路径穿越漏洞
http://seclists.org/fulldisclosure/2018/Jan/17
Github网友说:”Spectre漏洞并没有修复,并不像Intel说的那样”
https://gist.github.com/woachk/2f86755260f2fee1baf71c90cd6533e9
Intel对于推测执行侧信道攻击漏洞的分析白皮书
AMD片上芯片的安全漏洞
hybrid-analysis追踪到的spectre POC
hybrid-analysis检测spectre POC的规则
https://www.hybrid-analysis.com/search?query=tag:spectre
技术类
数百个感染了Coinhive挖矿代码的安卓app
http://cdn.androidapk.world/downloads/
CoinHive挖矿代码
https://gist.github.com/fs0c131y/fe7373761e8ea2793f38d26b7e75ce3c
Dropper app
使用Snort检测企业流量
https://green-m.github.io/2018/01/05/network-detection-with-snort-in-company/
漫画Meltdown and Spectre
越狱的原理
https://blog.appknox.com/how-does-jailbreak-work/
CMSsc4n v2.0:用来判断某域下是否存在CMS,如WordPress, Moodle, Joomla, Drupal and Prestashop
https://www.kitploit.com/2018/01/cmssc4n-v20-tool-to-identify-if-domain.html
发表评论
您还未登录,请先登录。
登录