2月7日安全热点 - CNCERT发布2017年钓鱼网站分布趋势报告

资讯类

CNCERT发布 2017年钓鱼网站分布趋势报告

https://mp.weixin.qq.com/s/aDVIG7_QTaMCHAwgrqnHDA

 

Securelist发布2017年第4季度的DDoS攻击报告

https://securelist.com/ddos-attacks-in-q4-2017/83729/

 

Cisco：网络安全 CTF 系列第三部分: 实施

https://blogs.cisco.com/perspectives/cyber-security-capture-the-flag-ctf-series-part-3-implementing

 

CSS代码可能会被滥用来收集敏感的用户数据

https://www.bleepingcomputer.com/news/security/css-code-can-be-abused-to-collect-sensitive-user-data/

 

勒索受害者平均每年遭受两次袭击

https://www.bleepingcomputer.com/news/security/ransomware-victims-hit-on-average-by-two-attacks-per-year/

 

安全研究人员 发现Windows 10 “文件访问控制”反勒索功能可被绕过

https://www.bleepingcomputer.com/news/security/researcher-bypasses-windows-controlled-folder-access-anti-ransomware-protection/

 

技术类

HPE IMC中各种攻击媒介的进一步分析

https://www.zerodayinitiative.com/blog/2018/2/6/one-mans-patch-is-another-mans-treasure-a-tale-of-a-failed-hpe-patch

 

Joomla！3.8.3：通过SQL注入来提升权限

https://blog.ripstech.com/2018/joomla-privilege-escalation-via-sql-injection/

 

关于硬件木马的一些讨论

https://www.benthamsgaze.org/2018/02/06/a-witch-hunt-for-trojans-in-our-chips/

 

PLUGX恶意软件分析

https://countuponsecurity.com/2018/02/04/malware-analysis-plugx

 

『安全开发教学』Github泄露扫描系统开发

https://weibo.com/ttarticle/p/show?id=2309404204494916341366

 

ADB.Miner 安卓蠕虫的更多信息

http://blog.netlab.360.com/adb-miner-more-information/

 

Glibc缓冲区下溢漏洞分析（CVE–2018-1000001）

https://paper.seebug.org/528/

 

Evil XML with two encodings
https://mohemiv.com/all/evil-xml/

 

FreeFloat FTP1.0 溢出漏洞分析

https://mp.weixin.qq.com/s/MSaEbeNN0zbrNY50_30FRQ

 

pwnhub年前最后一战——“血月归来”writeup

https://www.secpulse.com/archives/68026.html

 

DowginCw病毒家族解析

https://www.secpulse.com/archives/68040.html

 

渗透测试 — VulnHub –CTF FristiLeaks v1.3

https://mp.weixin.qq.com/s/vroN1CKPjf2x033E0e43vg

 

Archery —— 开源漏洞评估和管理工具

https://github.com/archerysec/archerysec

 

kiwi：安全源码审计工具

https://github.com/alpha1e0/kiwi