[Knowledge] August 18 - Daily Security Knowledge Highlights

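Highlights: two critical 0-day vulnerabilities disclosed in Foxit PDF Reader; malware analysis tutorial: analysis of a malicious Word document, including bypassing its anti-analysis technique (sample included); Bug Bounty: login bypass vulnerability in Ubiquiti airMAX/airOS; Trend Micro detects a new exploit kit; penetration testing study notes; vulnerable-environment virtual machine generator (similar to Metasploitable2; penetration testing enthusiasts can use this project to quickly create vulnerable environments); Koadic: COM command and control framework (JScript RAT, similar to Meterpreter and Empire); exploring the security of the AndroidManifest.xml file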


Domestic hot topics (the following is partly excerpted from http://www.solidot.org/ ):

Encrypted email provider ProtonMail says it hacked back against a phishing attacker

Ukrainian malware author turns himself in and helps the FBI investigate the hack of the Democratic National Committee

News:

Two critical 0-day vulnerabilities disclosed in Foxit PDF Reader

http://thehackernews.com/2017/08/two-critical-zero-day-flaws-disclosed.html 

Technical:

Malware analysis tutorial: analysis of a malicious Word document, including bypassing its anti-analysis technique (sample included)

http://www.ringzerolabs.com/2017/08/bypassing-anti-analysis-technique-in.html 

Bug Bounty: login bypass vulnerability in Ubiquiti airMAX/airOS

http://www.nicksherlock.com/2017/08/login-bypass-in-ubiquiti-airmax-airos-if-aircontrol-web-ui-was-used/ 

Turla APT group updates its KopiLuwak JavaScript backdoor for attacks on people connected to the 2017 G20 summit

https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack 

Trend Micro detects a new exploit kit

http://blog.trendmicro.com/trendlabs-security-intelligence/new-disdain-exploit-kit-detected-wild/ 

Penetration testing study notes

http://avfisher.win/archives/741 

http://avfisher.win/archives/756 

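Vulnerable-environment virtual machine generator (similar to Metasploitable2; penetration testing enthusiasts can use this project to quickly create vulnerable environments)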

https://github.com/cliffe/SecGen 

Koadic: COM command and control framework (JScript RAT, similar to Meterpreter and Empire)

http://www.kitploit.com/2017/08/koadic-com-command-control-framework.html 

Using PentestBox to exploit ETERNALBLUE against Win7 and obtain a reverse Meterpreter session

http://fuping.site/2017/08/16/HOW-TO-USE-PENTESTBOX-TO-EXPLOIT-ETERNALBLUE-ON-WINDOWS-7/ 

Implementing a simple language interpreter in 3 steps (build your own simple programming language)

https://francisstokes.wordpress.com/2017/08/16/programming-language-from-scratch/    

How to attack the Java deserialization process

http://bobao.360.cn/learning/detail/4267.html 

Automated PCB reverse engineering

https://www.usenix.org/system/files/conference/woot17/woot17-paper-kleber.pdf 

Exploring the security of the AndroidManifest.xml file

http://mp.weixin.qq.com/s/C1serFo7aQ2peSLorAS-HQ 

Metasploitable 3: Exploiting ManageEngine Desktop Central 9

http://www.hackingtutorials.org/metasploit-tutorials/metasploitable-3-exploiting-manageengine-desktop-central-9/ 

fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations

https://www.usenix.org/system/files/conference/woot17/woot17-paper-hay.pdf 

vTZ: Virtualizing ARM TrustZone

https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-hua.pdf 

Dodgy behaviour from Speedtest.net & Google

https://medium.com/@slinafirinne/dodgy-behaviour-from-speedtest-net-google-5aef6cb25 

Shattered Trust: When Replacement Smartphone Components Attack 

https://www.usenix.org/system/files/conference/woot17/woot17-paper-shwartz.pdf 

POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection

https://www.usenix.org/system/files/conference/woot17/woot17-paper-patrick-evans.pdf 

(End)