HanDs
Administrator

July 08 - Daily Security Knowledge Highlights




Technical:

Experimenting with Post-Quantum Cryptography

https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html


Extracting multiple bits per request in blind SQL injection

http://howto.hackallthethings.com/2016/07/extracting-multiple-bits-per-request.html


A command-line tool for detecting shared passwords

https://github.com/philwantsfish/shard



Homograph attacks using internationalized domain names

https://hethical.io/homograph-attack-using-internationalized-domain-name/


Trello bug bounty: when a team is changed to visible, payment information can be sent to the webhook

https://hethical.io/trello-bug-bounty-payments-informations-are-sent-to-the-webhook-when-a-team-changes-its-visibility/


Inspeckage: an open-source tool for dynamic analysis of Android applications via API hooks

https://github.com/ac-pm/Inspeckage


Webshell analysis, part 3: every time the same story

https://dfir.it/blog/2016/07/06/webshells-every-time-the-same-story-dot-dot-dot-part-3/


Whisper in the Wire: voice command injection

https://www.researchgate.net/publication/304789264_20160630_Whisper_in_the_Wire-Voice_Command_Injection_Reloaded


Hijacking users through malicious extensions to commit fraud

https://blog.perimeterx.com/hijacking-users-affiliate-fraud/


Shodan published a worldwide map of TP-Link cameras in use. Per-model statistics are at https://gist.githubusercontent.com/achillean/162a885c73b6b7c17c34b1e81b111ea1/raw/061a8015016f579b606063c557513f7db06eec06/dlink-products.csv and related news coverage is at http://www.securityweek.com/serious-vulnerability-affects-over-120-d-link-products

https://dlink-report.shodan.io/


Gaining SYSTEM privileges using SxS redirection

http://www.kernelmode.info/forum/viewtopic.php?f=11&t=3643&p=28833#p28833


Five known whitelisting bypass techniques demonstrated in a single file

https://github.com/subTee/AllTheThings


Automated malware analysis: evading sandboxes with VBS scripts

http://joe4security.blogspot.it/2016/07/rise-of-vbs-evading-sandboxes.html


FileAlyzer updated to 2.0.5.57

https://www.safer-networking.org/products/filealyzer/


Deviare is a professional open-source hooking engine that can intercept arbitrary Win32 functions

https://github.com/nektra/deviare2


Shodan HQ Nmap scanning plugin

https://github.com/glennzw/shodan-hq-nse


Attacking the KeyStore

http://eprint.iacr.org/2016/677.pdf


Bitdefender's report on the Pacifier APT group

http://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender-Whitepaper-PAC-A4-en_EN1.pdf


Analyzing malicious documents with WinDbg

https://thembits.blogspot.com/2016/06/loffice-analyzing-malicious-documents.html


Deciphering Malware’s use of TLS

http://arxiv.org/pdf/1607.01639v1.pdf


Adwind RAT trojan resurfaces, targeting Danish companies

https://threatpost.com/adwind-rat-resurfaces-targeting-danish-companies/119060/


Introducing OpenCellular: an open-source wireless access platform

https://code.facebook.com/posts/1754757044806180/


News:

New Adwind trojan with zero antivirus detection

http://news.softpedia.com/news/new-adwind-rat-campaign-with-zero-av-detection-targets-businesses-in-denmark-505974.shtml


Antivirus wars: Sophos vs. Cylance

http://www.databreachtoday.com/blogs/anti-virus-wars-sophos-vs-cylance-p-2172


APT group 'Patchwork'

https://threatpost.com/apt-group-patchwork-cuts-and-pastes-a-potent-attack/119081/?utm_source=dlvr.it&utm_medium=twitter


How your smartwatch and fitness band can track your finger movements and recover your ATM PIN

http://www.tripwire.com/state-of-security/featured/smartwatch-fitness-tracker-atm-pin/


Acquisitions:

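Avast acquires AVG for $1.3 billion in cash: Avast Software announced it will acquire competitor AVG Technologies at $25 per share, a 33% premium, for a total offer of about $1.3 billion. According to the press release, the two companies together have more than 400 million users, of which 160 million are mobile users.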

http://thehackernews.com/2016/07/antivirus-avast-avg.html


Data breaches:

Guccifer continues to leak DNC documents

https://guccifer2.wordpress.com/2016/07/06/trumpocalypse/


Posted: 2016-7-9   |   Views: 0   |   Replies: 0