Hot topics summary: North Korean broadcasting station hacked, hackers play The Final Countdown; Ordinypt ransomware appears, targeting only German users; detailed analysis of CVE-2017-7219; hiding code behind a legitimate process; C2 communications using WebSockets and IE/Edge; Malwarebytes decompilation tutorial from scratch; IKEv1 and CVE-2016-1287.
News:
Researcher bypasses IDS using IDS signatures
http://www.securityweek.com/researcher-bypasses-ids-using-ids-signatures
North Korean broadcasting station hacked, hackers play The Final Countdown
Ordinypt ransomware appears, targeting only German users
http://securityaffairs.co/wordpress/65371/malware/ordinypt-wiper.html
Technical:
Detailed analysis of CVE-2017-7219
C2 communications using WebSockets and IE/Edge
https://arno0x0x.wordpress.com/2017/11/10/using-websockets-and-ie-edge-for-c2-communications/
Hiding code behind a legitimate process
https://www.adlice.com/runpe-hide-code-behind-legit-process/
Assembly cheatsheet
https://azeria-labs.com/assembly-basics-cheatsheet/
Privilege escalation via anti-virus bypass
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
Linux Process Hunter
https://gitlab.com/nowayout/prochunter
Malwarebytes decompilation tutorial from scratch
IKEv1 and CVE-2016-1287
TCP bind shellcode on Linux
Reverse engineering and exploiting a smart massager
https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33
Overview of the hash functions on Hashes.org
https://s3inlc.wordpress.com/2017/11/10/algorithms-on-hashes-org/
Eavesdropper: mobile data leakage vulnerability
The mobile DDoS industry
https://krebsonsecurity.com/2017/11/ddos-for-hire-service-launches-mobile-app/