热点概要:ShadowBrokers又发布了从NSA武器库泄露的Windows黑客工具、美国消费者信用报告机构Equifax被黑造成1.43亿个人信息泄露、攻击者可通过超声波静默控制Siri等语音助手代你发出指令、看我如何黑掉英国的税务系统、看我如何破解Dlink 850路由器然后滥用MyDlink Cloud协议
资讯类:
ShadowBrokers又发布了从NSA的武器库泄露的Windows黑客工具
http://thehackernews.com/2017/09/shadowbrokers-unitedrake-hacking.html
ShadowBrokers发布NSA针对Windows用户的木马工具UNITEDRAKE用户手册
https://www.schneier.com/blog/archives/2017/09/shadowbrokers_r.html
手册下载地址:
https://assets.documentcloud.org/documents/3987443/The-Shaow-Brokers-UNITEDRAKE-Manual.pdf
美国消费者信用报告机构Equifax被黑造成1.43亿个人信息泄露(姓名,驾照号码,住址等)
https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html
攻击者可通过超声波静默控制Siri等语音助手代你发出指令(包括访问恶意网站,监听个人行为,注入虚假信息,拒绝服务攻击等)
http://thehackernews.com/2017/09/ai-digital-voice-assistants.html
技术类:
XFLTReaT:支持多种协议的隧道框架
http://www.kitploit.com/2017/09/xfltreat-tunnelling-framework.html
https://github.com/earthquake/xfltreat/
看我如何黑掉英国税务系统
https://medium.com/@Zemnmez/how-to-hack-the-uk-tax-system-i-guess-3e84b70f8b
SecLists: 安全测试人员的伴侣, 安全测评过程中的多种列表集(用户名,密码,URL)
https://github.com/danielmiessler/SecLists
恶意代码逆向手册
https://zeltser.com/reverse-engineering-malicious-code-tips/
PDF版
https://zeltser.com/media/docs/reverse-engineering-malicious-code-tips.pdf
看我如何破解Dlink 850路由器然后滥用MyDlink Cloud协议
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html
Abusing JavaScript frameworks to bypass XSS mitigations
http://blog.portswigger.net/2017/09/abusing-javascript-frameworks-to-bypass.html
Using Alternate Data Streams to Bypass User Account Controls
https://www.redcanary.com/blog/using-alternate-data-streams-bypass-user-account-controls/
https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Invoke-WScriptBypassUAC.ps1