12月23日安全热点 - Satori宣告终结/LTE安全指南

 

资讯类

Satori与它的幕后黑手——所谓的脚本小子被逮捕

https://www.bleepingcomputer.com/news/security/amateur-hacker-behind-satori-botnet/

 

Nissan Finance Canada被黑，大量顾客信息泄漏

http://securityaffairs.co/wordpress/67023/data-breach/nissan-finance-canada-hacked.html

 

本周勒索软件周报

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-22nd-2017-wannacry-arrests-and-more/

 

技术类

Java中预测Math.random()

https://franklinta.com/2014/08/31/predicting-the-next-math-random-in-java/

 

代码签名证书的克隆攻击

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

 

Linux堆利用之Heap Double Free Attack

https://sensepost.com/blog/2017/linux-heap-exploitation-intro-series-riding-free-on-the-heap-double-free-attacks/

 

使用Burp和Magisk在Android7+上监测HTTPS流量

https://blog.nviso.be/2017/12/22/intercepting-https-traffic-from-apps-on-android-7-using-magisk-burp/

 

LTE安全指南

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf

 

Radare2与逆向工程 Part 2

https://medium.com/@jacob16682/reverse-engineering-with-radare2-part-2-83b71df7ffe4

 

Windows DMA攻击

https://sysdream.com/news/lab/2017-12-22-windows-dma-attacks-gaining-system-shells-using-a-generic-patch/

 

Spring Boot RCE

http://deadpool.sh/2017/RCE-Springs/

 

Elastalert与自动威胁监测

https://jordanpotti.com/2017/12/22/using-elastalert-to-help-automate-threat-hunting/

 

Burp与复杂Intruder攻击

https://www.trustedsec.com/2017/12/complex-intruder-attacks-burp/

 

SwordPhish：人类防火墙的脆弱性

https://github.com/Schillings/SwordPhish

 

都看到这了就送你一个终端游戏

http://sshtron.zachlatta.com