2月1日-每日安全知识热点

http://p7.qhimg.com/t01eba11609afc35030.jpg

1.IOS远程热补丁的风险和好处

https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html

2.由avicoder重新排版后的AlephOne的经典文章Smashing the Stack for Fun & Profit

https://avicoder.me/2016/02/01/smashsatck-revived/

3.android反向工程框架Lobotomy 1.2发行

https://github.com/LifeForm-Labs/lobotomy/releases/tag/1.2

4.使用bettercap和sparkle更新实现针对osx的大量pwn

https://www.evilsocket.net/2016/01/30/osx-mass-pwning-using-bettercap-and-the-sparkle-updater-vulnerability/

5.评估Oralce E-Business suite 11i (条件竞争漏洞)

http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf

6.osx中的一些脆弱应用程序

https://vulnsec.com/2016/osx-apps-vulnerabilities/

7.mutillidae 2.6.35发行:更新BEEF的帮助文档

http://sourceforge.net/projects/mutillidae/files/

8.在线APK反编译网站

http://www.javadecompilers.com/apk

9.针对一些外国VPN提供商的隐私比较视图

https://docs.google.com/spreadsheets/u/2/d/1FJTvWT5RHFSYuEoFVpAeQjuQPU4BVzbOigT0xebxTOw/htmlview?usp=sharing&sle=true#

10.在Android 5.x上真实世界的Stagefright利用笔记

https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2016/01/libstagefright-exploit-notespdf/

11.反向工程在线游戏

http://0xbaadf00dsec.blogspot.in/2016/01/reverse-engineering-online-games.html

12.DFIR(数字取证和事件响应)新手入门

http://sroberts.github.io/2016/01/11/introduction-to-dfir-the-beginning/

13.绕过XSS过滤器

http://www.sjoerdlangkemper.nl/2016/01/29/circumventing-xss-filters/

14.一个burpsuite插件用来检测网站弱csp策略

https://github.com/moloch–/CSP-Bypass

15.Bindead :二进制静态分析工具

https://bitbucket.org/mihaila/bindead/wiki/Home

16.从linux到windows:新的跨平台后门家族被发现

https://securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/

17.木马隐藏在google play games

https://www.grahamcluley.com/2016/01/android-trojan-steganography/

18.恶意office文件捆绑kaside和dridex后门

http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html

19.Antiy实验室发布的CVE-2015-8651分析

http://www.antiy.net/p/an-analysis-on-the-principle-of-cve-2015-8651/

20.openssl在Diffie-Hellman协议中重复使用不安全的素数

http://www.kb.cert.org/vuls/id/257823

21.隐藏在tor后门的apache服务,能够通过status页面泄露敏感信息

http://www.dailydot.com/politics/apache-server-status-tor/

22.使用bro分析rdp流量

https://speakerdeck.com/jshlbrd/analyzing-rdp-traffic-with-bro

23.硬件和固件攻击:防护,检测和响应

https://code.facebook.com/posts/182707188759117

24.各种脚本语言的一句话开启http服务的checksheet

https://gist.github.com/willurd/5720255

免责声明:文章内容不代表本站立场,本站不对其内容的真实性、完整性、准确性给予任何担保、暗示和承诺,仅供读者参考,文章版权归原作者所有。如本文内容影响到您的合法权益(内容、图片等),请及时联系本站,我们会及时删除处理。查看原文

为您推荐