【知识】10月19日 - 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:bug bounty:看我如何接管OLX的每一条广告、krackattacks-test-ap-ft:判断AP是否受到CVE-2017-13082漏洞(WPA2 KRACK Attacks)的影响、WaterMiner:一款新发现的挖矿恶意软件分析、2017 Flare-On挑战题解(Fireeye的CTF)、FaceID真的安全么?针对FaceID的安全性研究

国内热词(以下内容部分来自:http://www.solidot.org/ )

英情报机构被指控搜集公民社交媒体及医疗数据

微软的 bug 数据库在 2013 年曾遭到入侵

资讯类:

联想修复影响安卓平板和手机的多个漏洞

https://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-android-tablets-and-zuk-vibe-phones/128489/ 

技术类:

bug bounty:看我如何接管OLX的每一条广告

https://kciredor.com/taking-over-every-ad-on-olx-automated-an-idor-story.html 

浏览器安全之逃逸沙盒

https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing/ 

Hack.lu 2017安全会议演讲视频

https://www.youtube.com/playlist?list=PLCxOaebc_2yNlOGhuOjInlJvr0Ktb_FYz 

krackattacks-test-ap-ft:判断AP是否受到CVE-2017-13082漏洞(WPA2 KRACK Attacks)的影响

https://github.com/vanhoefm/krackattacks-test-ap-ft 

WaterMiner:一款新发现的挖矿恶意软件分析

https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner 

HydraPOS:巴西诈骗者已经利用该设备收集了至少140万张信用卡资料

https://sidechannel.tempestsi.com/hydrapos-operation-of-brazilian-fraudsters-has-accumulated-at-least-1-4-million-card-data-b05d88ad3be0 

BoundHook:基于异常,内核控制的用户模式hook

https://www.cyberark.com/threat-research-blog/boundhook-exception-based-kernel-controlled-usermode-hooking/ 

针对Nitro OBD2的逆向工程

https://blog.quarkslab.com/reverse-engineering-of-the-nitro-obd2.html 

在GPD Pocket 7上安装Linux

https://medium.com/@tomac/qpd-pocket-7-the-return-of-the-hacker-netbook-fe9be1b02ebf 

2017 Flare-On挑战题解(Fireeye的CTF)

https://www.fireeye.com/blog/threat-research/2017/10/2017-flare-on-challenge-solutions.html 

Cloakify:Data Exfiltration工具(用于将任何文件类型转换为日常字符串列表、绕过DLP/MLS设备、绕过白名单、AV检测等)

https://github.com/TryCatchHCF/Cloakify 

FaceID真的安全么?针对FaceID的安全性研究

https://auth0.com/blog/is-faceid-really-secure/ 

Kerberos AD Attacks – Kerberoasting

https://blog.xpnsec.com/kerberos-attacks-part-1/ 

Significant security flaws in smartwatches for children

https://www.forbrukerradet.no/side/significant-security-flaws-in-smartwatches-for-children 

(完)