5月3日-每日安全知识热点

http://p0.qhimg.com/t01f7ef32da341925d2.jpg

1、Pwnedlist(跟踪账户信息泄露的网站)被黑

http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/

2、GrrCon 2015 :内存取证writeup

http://www.ghettoforensics.com/2016/05/grrcon-2015-memory-forensics-grabbing.html

3、CVE-2015-6639:高通安全执行环境权限提升漏洞poc

https://bits-please.blogspot.tw/2016/05/qsee-privilege-escalation-vulnerability.html

4、从ctf的比赛中捕获的流量中收集payload

https://medium.com/@foospidy/collecting-payloads-from-ctf-pcaps-65ffb5a76c09#.xxdr6w26i

5、CORS Enabled XSS

http://brutelogic.com.br/blog/cors-enabled-xss/

6、威胁情报学习第二部分:基础架构建立,第一部分:规划(https://www.fastly.com/blog/lean-threat-intelligence-part-1-plan)

https://www.fastly.com/blog/lean-threat-intelligence-part-2-foundation

7、反向工程实践第二部分:侦察固件

http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/

8、拦截IM应用(Telegram)是如何做到的

https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/

9、显示每个进程的网络传输的带宽监控脚本

https://github.com/akshayKMR/hogwatch

10、通过克隆站点来偷取Google Rankings

https://blog.sucuri.net/2016/04/cloned-website-stealing-google-rankings-seo-serp.html

11、使用NITRO API和POWERSHELL实现自动化的NetScaler

https://www.citrix.com/blogs/2016/04/29/automate-netscaler-using-nitro-api-and-powershell/

12、虚假的Andorid Update在欧洲推送SMS,点击欺诈

https://blogs.mcafee.com/mcafee-labs/fake-android-update-delivers-sms-click-fraud-europe/

13、CVE-2015-7214 POC

https://github.com/llamakko/CVE-2015-7214

14、实现UAC绕过的的开源POC

https://github.com/pedro-javierf/Twicexploit

15、VulnHub团队的GOOGLE CTF 部分writeup

https://github.com/VulnHub/ctf-writeups/tree/master/2016/google-ctf

16、GOOGLE CTF Mobile关部分writeup

https://github.com/yohanes/write-ups/tree/master/google-ctf

17、Google CTF web关部分writeup

http://buer.haus/2016/05/01/google-ctf-web-write-ups-1115/

18、p4-team团队的Google CTF 2016 部分writeup

https://github.com/p4-team/ctf/tree/master/2016-05-01-googlectf

19、Google CTF 2016 部分writeup

https://github.com/Blystad/googlectf_writeups/tree/master/networking

20、linux-insides系列:Inline assembly

https://github.com/0xAX/linux-insides/blob/master/Theory/asm.md

21、Injecting CSP for Fun and Security

http://research.sidstamm.com/papers/csp_icissp_2016.pdf

22、反向端口转发工具 v 1.0

https://github.com/ring04h/rtcp2udp

23、恶意欺诈软件病毒关闭电厂和水厂

http://thehackernews.com/2016/04/power-ransomware-attack.html

24、如何计划和执行现代安全事件响应

https://www.gartner.com/doc/reprints?ct=160427&id=1-34IIH00&st=sb

25、SSH for Fun and Profit

https://karla.io/2016/04/30/ssh-for-fun-and-profit.html

26、BotConf 2016会议的PPT和视频

https://www.botconf.eu/botconf-2015/final-programme/

27、反向工程发现atm skimmer

https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/

28、coreboot 4.4发行

https://firmwaresecurity.com/2016/05/02/coreboot-4-4-released/

29、php的system函数禁止时,获取shell访问

https://blog.asdizzle.com/index.php/2016/05/02/getting-shell-access-with-php-system-functions-disabled/

免责声明:文章内容不代表本站立场,本站不对其内容的真实性、完整性、准确性给予任何担保、暗示和承诺,仅供读者参考,文章版权归原作者所有。如本文内容影响到您的合法权益(内容、图片等),请及时联系本站,我们会及时删除处理。查看原文

为您推荐