热点概要:bug bounty:看我如何接管OLX的每一条广告、krackattacks-test-ap-ft:判断AP是否受到CVE-2017-13082漏洞(WPA2 KRACK Attacks)的影响、WaterMiner:一款新发现的挖矿恶意软件分析、2017 Flare-On挑战题解(Fireeye的CTF)、FaceID真的安全么?针对FaceID的安全性研究
国内热词(以下内容部分来自:http://www.solidot.org/ )
英情报机构被指控搜集公民社交媒体及医疗数据
微软的 bug 数据库在 2013 年曾遭到入侵
资讯类:
联想修复影响安卓平板和手机的多个漏洞
技术类:
bug bounty:看我如何接管OLX的每一条广告
https://kciredor.com/taking-over-every-ad-on-olx-automated-an-idor-story.html
浏览器安全之逃逸沙盒
https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing/
Hack.lu 2017安全会议演讲视频
https://www.youtube.com/playlist?list=PLCxOaebc_2yNlOGhuOjInlJvr0Ktb_FYz
krackattacks-test-ap-ft:判断AP是否受到CVE-2017-13082漏洞(WPA2 KRACK Attacks)的影响
https://github.com/vanhoefm/krackattacks-test-ap-ft
WaterMiner:一款新发现的挖矿恶意软件分析
https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner
HydraPOS:巴西诈骗者已经利用该设备收集了至少140万张信用卡资料
BoundHook:基于异常,内核控制的用户模式hook
针对Nitro OBD2的逆向工程
https://blog.quarkslab.com/reverse-engineering-of-the-nitro-obd2.html
在GPD Pocket 7上安装Linux
https://medium.com/@tomac/qpd-pocket-7-the-return-of-the-hacker-netbook-fe9be1b02ebf
2017 Flare-On挑战题解(Fireeye的CTF)
https://www.fireeye.com/blog/threat-research/2017/10/2017-flare-on-challenge-solutions.html
Cloakify:Data Exfiltration工具(用于将任何文件类型转换为日常字符串列表、绕过DLP/MLS设备、绕过白名单、AV检测等)
https://github.com/TryCatchHCF/Cloakify
FaceID真的安全么?针对FaceID的安全性研究
https://auth0.com/blog/is-faceid-really-secure/
Kerberos AD Attacks – Kerberoasting
https://blog.xpnsec.com/kerberos-attacks-part-1/
Significant security flaws in smartwatches for children
https://www.forbrukerradet.no/side/significant-security-flaws-in-smartwatches-for-children