热点概要:逆向工程OBi200 Google语音应用程序(Part 1)、CertReq Exfiltration – 通过Native工具和CSR获取数据、Poison Ivy样本分析、美国中情局(CIA)开发的Windows恶意软件,改变引导扇区加载恶意软件、解析Chrome扩展程序Facebook恶意软件
资讯类:
Instagram API存在漏洞 名人通讯详情泄露
https://www.theregister.co.uk/2017/08/31/instagram_leaks_verified_members_contacts_via_api_bug/
Telnet端口未设密码 近3000比特币矿机遭暴露
技术类:
逆向工程OBi200 Google语音应用程序(Part 1)
https://randywestergren.com/reverse-engineering-obi200-google-voice-appliance-part-1/
CertReq Exfiltration – 通过Native工具和CSR获取数据!
https://www.doyler.net/security-not-included/certreq-exfiltration
Poison Ivy样本分析
Pentest Home Lab – 0x3 – Kerberoasting: Creating SPNs so you can roast them
https://sethsec.blogspot.com/2017/08/pentest-home-lab-0x3-kerberoasting.html
美国中情局(CIA)开发的Windows恶意软件,改变引导扇区加载恶意软件
https://wikileaks.org/vault7/document/Angelfire-2_0-UserGuide/Angelfire-2_0-UserGuide.pdf
RedSnarf:用于Windows环境的渗透测试工具
https://github.com/nccgroup/redsnarf
解析Chrome扩展程序Facebook恶意软件
https://labs.detectify.com/2017/08/31/dissecting-the-chrome-extension-facebook-malware/
禁用Wi-Fi是否可以阻止Android手机发送Wi-Fi frames?
https://hal.inria.fr/hal-01575519/document
Joomla Component Huge-IT Portfolio Gallery Plugin 1.0.6 – SQL注入漏洞
https://www.exploit-db.com/exploits/42597/
OSINT Framework(公开资源情报计划框架)
https://github.com/lockfale/osint-framework
Working Around Twitter API Restrictions To Identify Bots
https://labsblog.f-secure.com/2017/08/31/working-around-twitter-api-restrictions-to-identify-bots/
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution
https://arxiv.org/abs/1708.09114
https://arxiv.org/pdf/1708.09114.pdf
Luminate Store Basics defacement and potential takeover
https://medium.com/@uranium238/luminate-store-basics-defacement-and-potential-takeover-9cf336fac8e5
Writeup CTF RHME3: exploitation
https://ktln2.org/2017/08/31/rhme3-exploitation-writeup/
Instagram is listening to you
https://medium.com/@damln/instagram-is-listening-to-you-97e8f2c53023
SharknAT&To
https://www.nomotion.net/blog/sharknatto/