【知识】8月28日 - 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:超过1700台IoT设备和相关的telnet凭据已被泄露并公开放、黑客盗取HBO权利的游戏第七季并公开大结局剧情、Apple iOS <=10.3.1 – Kernel Exploit、OSX平台的流量监控和防火墙工具Little Snitch、用Flash利用JSON的CSRF、大量服务器的登录凭证被PDF钓鱼泄露、AVPASS:可绕过Android恶意软件检测系统的工具、恶意软件脱壳工具之二

资讯类:

安全研究人员警告:超过1700台IoT设备和相关的telnet凭据已被泄露并公开放在网上

http://securityaffairs.co/wordpress/62365/iot/iot-devices-credentials-leaked.html

黑客盗取HBO权利的游戏第七季并公开大结局剧情

https://www.hackread.com/hbo-hackers-leak-script-spoilers-of-game-of-thrones-season-finale/


技术类:

Apple iOS <=10.3.1 – Kernel Exploit

https://www.exploit-db.com/exploits/42555/


OSX平台的流量监控和防火墙工具Little Snitch

https://www.obdev.at/products/littlesnitch/index.html

用Flash利用JSON的CSRF

http://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/

https://github.com/sp1d3r/swf_json_csrf/

大量服务器的登录凭证被PDF钓鱼泄露

http://www.ringzerolabs.com/2017/08/large-victim-credential-server.html

https://www.bilibili.com/video/av13897953/

Windows, Mac OSX和Linux平台的设置HTTPs以及自签名证书详细指南

https://www.humankode.com/asp-net-core/develop-locally-with-https-self-signed-certificates-and-asp-net-core

AVPASS:可绕过Android恶意软件检测系统的工具

http://www.kitploit.com/2017/08/avpass-tool-for-leaking-and-bypassing.html

https://github.com/sslab-gatech/avpass/blob/master/docs/README.md

Demo视频:

https://www.bilibili.com/video/av13898951/

https://www.bilibili.com/video/av13898920/

恶意软件脱壳工具, Part 1. Dumping executables from RWE memory

https://vallejo.cc/2017/08/13/tools-for-unpacking-malware-part-1-dumping-executables-from-rwe-memory/

恶意软件脱壳工具, Part 2. Weak encryption algorithms

https://vallejo.cc/2017/08/27/tools-for-unpacking-malware-part-2-weak-encryption-algorithms/

AI训练算法易被藏后门

https://arxiv.org/pdf/1708.06733v1.pdf

Passwords Evolved: Authentication Guidance for the Modern Era

https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/

iBoot exploitation material from BlackHat

mega:#!Op1gSDxR!n9P4Xy_H6iDErYDAvwWZNPe-aso2CmCeh8vph-UMoT0

https://pastebin.com/9FuxXRtA

WINspect – Powershell-based Windows Security Auditing Toolbox

http://www.kitploit.com/2017/08/winspect-powershell-based-windows.html

https://github.com/A-mIn3/WINspect

(完)