2月12日安全热点 - 黑客利用macOS截图功能来窃取用户隐私

 

资讯类

美英政府网站被注入矿工，影响范围甚广

https://www.bleepingcomputer.com/news/security/u-s-and-uk-govt-sites-injected-with-miners-after-popular-script-was-hacked/

 

黑客可利用macOS应用程序截图功能来窃取密码，标记，密钥

https://www.bleepingcomputer.com/news/apple/researcher-uses-macos-app-screenshot-feature-to-steal-passwords-tokens-keys/

 

技术类

思科NX-OS VDC接管漏洞

https://medium.com/@gregIT/owning-the-data-centre-cisco-nx-os-vdc-takeover-vulnerability-f53d8ce945b8

 

在Snapchat上存储XSS

https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd

 

使用concolic执行静态分析恶意软件

https://int0xcc.svbtle.com/using-concolic-execution-for-static-analysis-of-malware

 

教程：恶意软件分析

https://www.slideshare.net/bartblaze/malware-analysis-threat-intelligence-and-reverse-engineering

 

From APK to Golden Ticket

https://docs.google.com/document/d/1XWzlOOuoTE7DUK60qTk1Wz1VNhbPaHqKEzyxPfyW4GQ/edit#heading=h.2m380ikv89me

 

警惕GLOBEIMPOSTER勒索软件

https://www.secpulse.com/archives/68257.html

 

使用hashcat强化Linux全盘加密（LUKS）

https://blog.pnb.io/2018/02/bruteforcing-linux-full-disk-encryption.html

 

使用图像链接的UNC路径注入

https://www.secpulse.com/archives/68334.html

 

macOS内核漏洞

https://www.exploit-db.com/exploits/44007/

 

bug bounty program

http://10degres.net/the-bugbounty-program-that-changed-my-life/

 

Nessus插件的武器化

https://depthsecurity.com/blog/weaponization-of-nessus-plugins

 

易受攻击的ARM二进制文件集合

https://github.com/Billy-Ellis/Exploit-Challenges

 

BLEAH – 一种用于“智能”设备的BLE扫描仪

https://www.kitploit.com/2018/02/bleah-ble-scanner-for-smart-devices.html

 

Winpayloads – 不可检测的Windows Payload生成工具

https://www.kitploit.com/2017/07/winpayloads-undetectable-windows.html

 

StaCoAn——一个在移动应用上执行静态代码分析的跨平台工具

https://github.com/vincentcox/StaCoAn

 

Windows转储文件解密工具

https://github.com/AlessandroZ/LaZagneForensic