资讯类
Facebook:剑桥分析公司拥有比预想的要多得多的数据
Microsoft带外安全更新修补恶意软件保护引擎漏洞
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986
Microsoft issued out-of-band patch to fix CVE-2018-0986 Malware Protection Engine flaw
最新的macOS更新不再对许多外部监视器提供支持
CertUtil.exe可能允许攻击者绕过AV时下载恶意软件
Google Chrome扩展程序检测到“零宽度字符”指纹攻击
技术类
漏洞聚焦:Natus NeuroWorks多个漏洞
http://blog.talosintelligence.com/2018/04/vulnerability-spotlight-natus.html
通过蓝牙从FUZE窃取信用卡
https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
Vulnerability Modeling with Binary Ninja
Vulnerability Modeling with Binary Ninja
Triaging a DLL planting vulnerability
https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/
与OceanLotus相关的新MacOS后门
如何攻击FTP客户端
https://snyk.io/blog/attacking-an-ftp-client/
Hunting down Dofoil with Windows Defender ATP
解包可执行文件 – ESP技巧
https://goggleheadedhacker.com/blog/post/6
使用Hashcat破解256个字符的密码
https://cyberarms.wordpress.com/2018/04/03/cracking-passwords-up-to-256-characters-with-hashcat/