资讯类
另一起数据泄露行动袭击了印度的国家身份数据库Aadhaar
http://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-database/
亚特兰大市被勒索软件攻击瘫痪,是SAMSAM吗?
City of Atlanta paralyzed by a ransomware attack, is it SAMSAM?
新型挖矿软件GhostMiner使用无文件技术,去除其他矿工,但收益甚微
AVCrypt 勒索软件尝试卸载现有AV软件
Rapid 2.0 勒索软件发布,不会加密具有俄语区域设置的PC上的数据
高危漏洞影响Drupal 7和8核心
Drupal安全小组确认,高危漏洞影响Drupal 7和8核心,并宣布于3月28日发布安全更新。
A “highly critical” flaw affects Drupal 7 and 8 core, Drupal security updates expected on March 28th
https://www.drupal.org/psa-2018-001
技术类
Breaking Android kernel isolation and Rooting with ARM MMU features
A New Method to Bypass 64-bit Linux ASLR
A New Era of SSRF
Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science
https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf
How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped
How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped
From Christmas present in the blockchain to massive bug bounty
https://www.vicompany.nl/magazine/from-christmas-present-in-the-blockchain-to-massive-bug-bounty
端到端跟踪勒索软件
深入研究迄今为止最严重的Kubernetes漏洞 – CVE-2017-1002101和CVE-2017-1002102
如何使用以太坊安全工具套件
Use our suite of Ethereum security tools
红队突破外围的五大方法
关于IDS签名的讨论
http://blog.ptsecurity.com/2018/03/we-need-to-talk-about-ids-signature.html
关于CVE-2018-4901的研究
http://www.freebuf.com/vuls/164512.html
Taipan——Web应用安全扫描器
https://github.com/taipan-scanner/Taipan
面向机器人的通讯机制安全研究与改进
http://www.freebuf.com/articles/wireless/165566.html
Windows下的密码hash——Net-NTLMv1介绍
https://xianzhi.aliyun.com/forum/topic/2205
CLOUDKiLL3R——通过TOR浏览器绕过Cloudflare保护服务