安全路透社
当前位置:安全路透社 > 安全客 > 正文

【知识】9月1日 – 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:逆向工程OBi200 Google语音应用程序(Part 1)、CertReq Exfiltration – 通过Native工具和CSR获取数据、Poison Ivy样本分析、美国中情局(CIA)开发的Windows恶意软件,改变引导扇区加载恶意软件、解析Chrome扩展程序Facebook恶意软件

资讯类:


Instagram API存在漏洞 名人通讯详情泄露

https://www.theregister.co.uk/2017/08/31/instagram_leaks_verified_members_contacts_via_api_bug/ 

Telnet端口未设密码 近3000比特币矿机遭暴露

https://www.bleepingcomputer.com/news/security/nearly-3-000-bitcoin-miners-exposed-online-via-telnet-ports-without-passwords/ 

技术类:


逆向工程OBi200 Google语音应用程序(Part 1)

https://randywestergren.com/reverse-engineering-obi200-google-voice-appliance-part-1/ 

CertReq Exfiltration – 通过Native工具和CSR获取数据!

https://www.doyler.net/security-not-included/certreq-exfiltration 

Poison Ivy样本分析

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/analysing-a-recent-poison-ivy-sample/?Year=2017&Month=8 

Pentest Home Lab – 0x3 – Kerberoasting: Creating SPNs so you can roast them 

https://sethsec.blogspot.com/2017/08/pentest-home-lab-0x3-kerberoasting.html 

美国中情局(CIA)开发的Windows恶意软件,改变引导扇区加载恶意软件

https://wikileaks.org/vault7/document/Angelfire-2_0-UserGuide/Angelfire-2_0-UserGuide.pdf 

RedSnarf:用于Windows环境的渗透测试工具

https://github.com/nccgroup/redsnarf 

解析Chrome扩展程序Facebook恶意软件

https://labs.detectify.com/2017/08/31/dissecting-the-chrome-extension-facebook-malware/ 

禁用Wi-Fi是否可以阻止Android手机发送Wi-Fi frames?

https://hal.inria.fr/hal-01575519/document 

Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.6 – SQL注入漏洞

https://www.exploit-db.com/exploits/42597/ 

OSINT Framework(公开资源情报计划框架)

https://github.com/lockfale/osint-framework 

Working Around Twitter API Restrictions To Identify Bots

https://labsblog.f-secure.com/2017/08/31/working-around-twitter-api-restrictions-to-identify-bots/ 

FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution

https://arxiv.org/abs/1708.09114 

https://arxiv.org/pdf/1708.09114.pdf 

Luminate Store Basics defacement and potential takeover

https://medium.com/@uranium238/luminate-store-basics-defacement-and-potential-takeover-9cf336fac8e5 

Writeup CTF RHME3: exploitation

https://ktln2.org/2017/08/31/rhme3-exploitation-writeup/ 

Instagram is listening to you

https://medium.com/@damln/instagram-is-listening-to-you-97e8f2c53023 

SharknAT&To

https://www.nomotion.net/blog/sharknatto/ 


本文地址:http://bobao.360.cn/learning/detail/4344.html

未经允许不得转载:安全路透社 » 【知识】9月1日 – 每日安全知识热点

赞 (0)
分享到:更多 ()

评论 0

评论前必须登录!

登陆 注册