安全路透社
当前位置:安全路透社 > 安全客 > 正文

【知识】11月7日 – 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:数字签名恶意软件的崛起WWE名人的Whatsapp屏幕截图和图片等信息泄露GIBON勒索软件出现绕过安卓网络安全配置CVE-2017-8715分析探索影响Android的6个内核漏洞、2017 Q3 DDoS

资讯类:


数字签名恶意软件的崛起

https://thehackernews.com/2017/11/malware-digital-certificate.html

WWE名人的Whatsapp屏幕截图和图片等信息泄露

http://securityaffairs.co/wordpress/65223/hacking/diva-paige-data-leak.html

GIBON勒索软件出现

http://securityaffairs.co/wordpress/65214/malware/gibon-ransomware.html

KRACKDetector——KRACK检测工具发布

http://securityaffairs.co/wordpress/65229/hacking/krack-detector.html

Amazon S3 Bucket配置错误将导致中间人攻击

https://www.bleepingcomputer.com/news/security/misconfigured-amazon-s3-buckets-expose-users-companies-to-stealthy-mitm-attacks/

技术类:


渗透测试Cheat Sheet

https://techincidents.com/penetration-testing-cheat-sheet/


Ethernuat CTF Writeup

https://medium.com/positive-ico/the-ethernaut-ctf-writeup-dc3021824abc

深入Shade:勒索软件分析

https://secrary.com/ReversingMalware/UnpackingShade/

重构ROCA

https://blog.cr.yp.to/20171105-infineon.html

恶意子域名接管工具Subjack

https://github.com/haccer/subjack

绕过安卓网络安全配置

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/november/bypassing-androids-network-security-configuration/

Path Pivot攻击

https://gdelugre.github.io/2017/11/06/samba-path-pivot-attack/

CVE-2017-8715分析

https://posts.specterops.io/a-look-at-cve-2017-8715-bypassing-cve-2017-0218-using-powershell-module-manifests-1f811aea858c

恶意PowerShell与AMSI

https://github.com/cobbr/slides/blob/master/BSides/DFW/PSAmsi%20-%20Offensive%20PowerShell%20Interaction%20with%20the%20AMSI.pdf

探索影响Android的6个内核漏洞

https://pleasestopnamingvulnerabilities.com/

NTFS的百科全书

http://www.kes.talktalk.net/ntfs/

二进制中的奥妙:文件结构

https://www.slideshare.net/AngelBoy1/play-with-file-structure-yet-another-binary-exploit-technique

Oceanlotus Blossoms:针对东盟、亚洲、媒体等目标的攻击

https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/

绕过现代的进程检测机制

http://riscy.business/2017/11/bypassing-modern-process-hollowing-detection/

接管Instagram账户

https://stefanovettorazzi.com/taking_over_instagram_accounts/

AppLocker绕过列表

https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/README.md

2017 Q3 DDoS

https://securelist.com/ddos-attacks-in-q3-2017/83041/


本文地址:http://bobao.360.cn/learning/detail/4668.html

未经允许不得转载:安全路透社 » 【知识】11月7日 – 每日安全知识热点

赞 (0)
分享到:更多 ()

评论 0

评论前必须登录!

登陆 注册