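Highlights: NIC Asia Bank also becomes a victim of the SWIFT incidents; hackers extort a Canadian university using student information; design flaws in the IEEE P1735 electronics standard; analysis of named pipe secure prefixes; defending against TCP reset attacks by disrupting the TCB; attacking Ruby on Rails applications, from beginner to expert.
News:
NIC Asia Bank also becomes a victim of the SWIFT incidents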
http://securityaffairs.co/wordpress/65204/cyber-crime/nic-asia-bank-swift-hack.html
Savitech audio drivers install a root certificate
http://www.securityweek.com/savitech-audio-drivers-caught-installing-root-certificate
Hackers extort a Canadian university using student information
http://securityaffairs.co/wordpress/65177/cyber-crime/canadian-university-extortion.html
Design flaws in the IEEE P1735 electronics standard
http://securityaffairs.co/wordpress/65184/hacking/ieee-p1735-electronics-standard-flaws.html
Technical:
How to develop and build a Winning System
https://chrisbolman.com/strategy-develop-effective-framework/
Is your website secure? An overview of the current state of website security
https://sucuri.net/infographics/agency-protected
Analysis of named pipe secure prefixes
https://tyranidslair.blogspot.co.uk/2017/11/named-pipe-secure-prefixes.html
Defending against TCP reset attacks by disrupting the TCB
https://github.com/seclab-ucr/INTANG
Using x64dbg to analyze why a program fails to initialize
https://x64dbg.com/blog/2017/11/04/the-big-handle-gamble.html
Attacking Ruby on Rails applications: from beginner to expert
http://phrack.org/issues/69/12.html
A quick implementation of Noise in Golang
http://www.cryptologie.net/article/427/noise-plug-and-play-implementation-in-golang/
CRLF injection in Blockchain.info
http://blog.shashank.co/2017/11/crlf-injection-in-bockchaininfo.html
File upload vulnerability in the WordPress plugin ImageManager
https://cxsecurity.com/issue/WLB-2017110031
Nmap scanning in practice: principles and parameter configuration
http://www.kalitut.com/2017/11/nmap-scan-systems-for-open-ports.html
Analysis of the Node and Postgres code injection vulnerability
https://www.leavesongs.com/PENETRATION/node-postgres-code-execution-vulnerability.htm
Data structures: everything you need
https://medium.freecodecamp.org/all-you-need-to-know-about-tree-data-structures-bceacb85490c