安全路透社
当前位置:安全路透社 > 安全客 > 正文

【知识】11月13日 – 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:穆斯林黑客攻击ISIS网站,公布2万名订阅者名单、卡巴斯基发布2017 Q3网络威胁的发展情况、PayPal子域存储型XSS、对Ordinypt恶意软件的分析报告、ARM虚拟机环境搭建教程(含虚拟机下载)、对垃圾邮件僵尸网络一探究竟、使用自动执行的宏或DDE生成并“感染”现有的Excel文件、Hijacking Digital Signatures 

资讯类:


穆斯林黑客攻击ISIS网站,公布2万名订阅者名单

https://www.hackread.com/muslim-hacktivists-hack-isis-website-expose-subscribers-list/ 


卡巴斯基发布2017 Q3网络威胁的发展

https://securelist.com/it-threat-evolution-q3-2017-statistics/83131/ 

技术类:


PayPal子域存储型XSS

http://firstsight.me/fia07a53c4ec63d2b0d47fe27ea2645d82f8c98648/[ENG]%20PayPal%20-%20Turning%20Self-XSS%20into%20non-Self%20Stored-XSS%20via%20Authorization%20Issue.pdf

视频演示:https://www.youtube.com/watch?v=XwynfNOxIlI 

对Ordinypt恶意软件的分析报告

http://29wspy.ru/reversing/Ordinypt/Ordinypt.pdf 

Look Inside挑战的Writeup

https://0x00sec.org/t/writeup-look-inside/4310 

ARM虚拟机环境搭建教程(含虚拟机下载)

https://azeria-labs.com/arm-lab-vm/ 

http://p4.qhimg.com/t012517a15b3a609d22.png

Shed:.NET恶意软件运行时分析工具

http://antonioparata.blogspot.it/2017/11/shed-inspect-net-malware-like-sir.html 

https://github.com/enkomio/shed 

对垃圾邮件僵尸网络一探究竟

https://lokalhost.pl/txt/peering.into.spam.botnets.VirusBulletin2017.pdf 

分享一些值得一用的BurpSuite插件

http://offsecbyautomation.com/Worthwhile-BurpSuite-Plugins/ 

使用自动执行的宏或DDE生成并“感染”现有的Excel文件

https://github.com/samratashok/nishang/blob/master/Client/Out-Excel.ps1 

使用Autoruns:规避技巧以及对策

https://blogs.technet.microsoft.com/motiba/2017/11/04/chasing-adversaries-with-autoruns-evading-techniques-and-countermeasures/ 

Googler:命令行使用Google的工具

(sudo add-apt-repository ppa:twodopeshaggy/jarun && sudo apt-get update && sudo apt-get install googler )

http://www.linuxandubuntu.com/home/googler-a-command-line-tool-to-search-google

http://p8.qhimg.com/t01ae040cd658574fa4.png

Remotely gain root on Android via NFC

https://www.youtube.com/watch?v=UMrNQ1bnEBA 

GlobeImposter 2.0勒索软件配置文件的提取脚本

https://gist.github.com/Demonslay335/8faaa57891318aa438db4bff10b347df 


The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel

https://speakerdeck.com/retme7/the-art-of-exploiting-unconventional-use-after-free-bugs-in-android-kernel 

Hijacking Digital Signatures 

https://pentestlab.blog/2017/11/06/hijacking-digital-signatures/

x86 userland minimal examples

https://github.com/cirosantilli/x86-assembly-cheat 

x86 Bare Metal Examples

https://github.com/cirosantilli/x86-bare-metal-examples 


Destroying the Reddit Lovense Remote Vuln Conspiracy

https://internetofdon.gs/2017/11/11/destroying-the-reddit-lovense-remote-vuln-conspiracy/ 


本文地址:http://bobao.360.cn/learning/detail/4691.html

未经允许不得转载:安全路透社 » 【知识】11月13日 – 每日安全知识热点

赞 (0)
分享到:更多 ()

评论 0

评论前必须登录!

登陆 注册