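Highlights: WikiLeaks releases CIA Hive source code; CVE-2017-16642 heap-based buffer overflow vulnerability; Hyper-V security from 0 to 1; IoT development with the NanoPi NEO 2; a DoS attack against the C# compiler; vulnerabilities in dynamically generated PDFs, combining XSS with local file read; analysis of a VirtualBox remote DoS vulnerability.
News:
Google analysis: phishing is a more serious threat than keyloggers and password reuse
WikiLeaks releases CIA Hive source code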
https://thehackernews.com/2017/11/cia-hive-malware-code.html
CVE-2017-16642 heap-based buffer overflow vulnerability
http://www.securityfocus.com/bid/101745
Technical:
Hyper-V security from 0 to 1
https://bbs.pediy.com/thread-222626.htm
UAF vulnerability in IE11 jscript
https://bugs.chromium.org/p/project-zero/issues/detail?id=1340
Hitcon 2017 Writeup
https://tradahacking.vn/hitcon-2017-ghost-in-the-heap-writeup-ee6384cd0b7
Blacklist of non-HTTPS websites
https://blog.sucuri.net/2017/05/non-https-websites-blacklisted-for-passwords-without-ssl.html
Radare-based Android APK analysis
https://github.com/mhelwig/apk-anal
Reverse engineering the Drexel One API
https://medium.com/@tomershemesh/reverse-engineering-the-drexel-one-api-370a560afedf
How to write an x86-64 JIT compiler
https://csl.name/post/python-jit/
IoT development: NanoPi NEO 2
https://mzyy94.com/blog/2017/11/10/nanopineo2-homekit/
A DoS attack against the C# compiler
http://mattwarren.org/2017/11/08/A-DoS-Attack-against-the-C-Compiler/
Vulnerabilities in dynamically generated PDFs: combining XSS with local file read
http://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html
Analysis of a VirtualBox remote DoS vulnerability
https://unimplemented.org/vbox-cve2016-5608-analysis.html
Forensic analysis of iOS and iCloud
https://blog.elcomsoft.com/2017/11/the-art-of-ios-and-icloud-forensics/
AWS security overview, part II
http://sysforensics.org/2017/11/aws-security-overview-part-ii-iam/
Attacking .NET serialization
https://speakerdeck.com/pwntester/attacking-net-serialization
Toast Overlay attack