Hot topics summary: security expert who triggered WannaCry's "kill switch" arrested for creating the Kronos banking trojan; DEFCON 25 Recon Village OSINT CTF Write-Up; Supervisord remote command execution vulnerability (CVE-2017-11610); Windows Defender ATP machine learning: detecting new anomalous behavior; dnstwist: domain name permutation engine for detecting typosquatting, phishing and corporate espionage
News:
Security expert who triggered WannaCry's "kill switch" arrested for creating the Kronos banking trojan
http://securityaffairs.co/wordpress/61657/cyber-crime/marcus-hutchins-arrested.html
Technical:
DEFCON 25 Recon Village OSINT CTF Write-Up
https://www.digitalsecurity.fr/en/blog/write-defcon-25-recon-village-osint-ctf
Supervisord remote command execution vulnerability (CVE-2017-11610)
https://www.leavesongs.com/PENETRATION/supervisord-RCE-CVE-2017-11610.html
Analysis of the fileless malware JS_POWMET
How to detect 0-day and fileless malware
Pythonizing the VMware backdoor
https://www.zerodayinitiative.com/blog/2017/8/1/pythonizing-the-vmware-backdoor
CheckPlease: Payload-Agnostic Implant Security
https://github.com/Arvanaghi/CheckPlease
Nessus Compliance Generator
https://coar.risc.anl.gov/nessus-compliance-generator/
WannaCry's Bitcoin ransom converted to Monero
https://www.cyberscoop.com/wannacry-monero-bitcoin/
PowerShell obfuscation detection
https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html
Windows Defender ATP machine learning: detecting new anomalous behavior
dnstwist: domain name permutation engine for detecting typosquatting, phishing and corporate espionage