热点概要:超过1700台IoT设备和相关的telnet凭据已被泄露并公开放、黑客盗取HBO权利的游戏第七季并公开大结局剧情、Apple iOS <=10.3.1 – Kernel Exploit、OSX平台的流量监控和防火墙工具Little Snitch、用Flash利用JSON的CSRF、大量服务器的登录凭证被PDF钓鱼泄露、AVPASS:可绕过Android恶意软件检测系统的工具、恶意软件脱壳工具之二
资讯类:
安全研究人员警告:超过1700台IoT设备和相关的telnet凭据已被泄露并公开放在网上
http://securityaffairs.co/wordpress/62365/iot/iot-devices-credentials-leaked.html
黑客盗取HBO权利的游戏第七季并公开大结局剧情
https://www.hackread.com/hbo-hackers-leak-script-spoilers-of-game-of-thrones-season-finale/
技术类:
Apple iOS <=10.3.1 – Kernel Exploit
https://www.exploit-db.com/exploits/42555/
OSX平台的流量监控和防火墙工具Little Snitch
https://www.obdev.at/products/littlesnitch/index.html
用Flash利用JSON的CSRF
http://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
https://github.com/sp1d3r/swf_json_csrf/
大量服务器的登录凭证被PDF钓鱼泄露
http://www.ringzerolabs.com/2017/08/large-victim-credential-server.html
https://www.bilibili.com/video/av13897953/
Windows, Mac OSX和Linux平台的设置HTTPs以及自签名证书详细指南
AVPASS:可绕过Android恶意软件检测系统的工具
http://www.kitploit.com/2017/08/avpass-tool-for-leaking-and-bypassing.html
https://github.com/sslab-gatech/avpass/blob/master/docs/README.md
Demo视频:
https://www.bilibili.com/video/av13898951/
https://www.bilibili.com/video/av13898920/
恶意软件脱壳工具, Part 1. Dumping executables from RWE memory
恶意软件脱壳工具, Part 2. Weak encryption algorithms
https://vallejo.cc/2017/08/27/tools-for-unpacking-malware-part-2-weak-encryption-algorithms/
AI训练算法易被藏后门
https://arxiv.org/pdf/1708.06733v1.pdf
Passwords Evolved: Authentication Guidance for the Modern Era
https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
iBoot exploitation material from BlackHat
mega:#!Op1gSDxR!n9P4Xy_H6iDErYDAvwWZNPe-aso2CmCeh8vph-UMoT0
WINspect – Powershell-based Windows Security Auditing Toolbox
http://www.kitploit.com/2017/08/winspect-powershell-based-windows.html