[Knowledge] November 19 - Daily Security Knowledge Hot Topics

Summary of hot topics: this week's ransomware roundup, Kaspersky's investigation into how the NSA hacking tools were stolen, disclosure of the pfSense <= 2.3.1_1 (pfSense-SA-16_08.webgui) authenticated command execution vulnerability, CVE-2017-15306: Linux kernel KVM PowerPC null pointer dereference, new open-source IDS tools, Leading the Blind to Light! – A Chain to RCE.

News:

The week in ransomware

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2017-cryptomix-and-targeted-attacks/

Kaspersky investigators reveal how the NSA hacking tools were stolen

https://www.hackread.com/kaspersky-investigators-reveal-how-nsa-hacking-tools-were-stolen/

Microsoft appears to have lost the source code of EQNEDT32.EXE

https://www.bleepingcomputer.com/news/microsoft/microsoft-appears-to-have-lost-the-source-code-of-an-office-component/

BlackArch drops support for i686

https://blackarch.org/blog.html

Technical:

pfSense <= 2.3.1_1 (pfSense-SA-16_08.webgui) authenticated command execution vulnerability disclosure

https://www.trustedsec.com/2017/11/full-disclosure-authenticated-command-execution-vulnerability-pfsense/

Creating an autonomous system for fun

http://blog.thelifeofkenneth.com/2017/11/creating-autonomous-system-for-fun-and.html

CVE-2017-15306: Linux kernel KVM PowerPC null pointer dereference

https://xorl.wordpress.com/2017/11/18/cve-2017-15306-linux-kernel-kvm-powerpc-null-pointer-dereference/

BinCAT: a binary static code analysis toolkit

https://github.com/airbus-seclab/bincat

Reverse engineering resources

https://github.com/wtsxDev/reverse-engineering

New open-source IDS tools

https://www.secureworks.com/blog/new-open-source-ids-tools

A command-line tool for managing Wi-Fi on macOS, including an interactive shell

https://github.com/keithrbennett/macwifi

Oxygen Forensic Detective X Launched With New WhatsApp Extraction Features

https://forensicfocus.com/News/article/sid=3027/ 

Fast Malware Unpacking With CryptDecrypt and RtlDecompressBuffer

https://www.youtube.com/watch?v=2zYokTkzIC8 

A ransomware family called WannaDie

https://twitter.com/struppigel/status/931835892469260288 

https://www.virustotal.com/#/file/fe6d42775a2f635ad2c027d799f9dae48da42182961b1399a3c04c12221a9c37/detection 

Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/november/cisco-asa-series-part-eight-exploiting-the-cve-2016-1287-heap-overflow-over-ikev1/ 

Full series

https://twitter.com/binitamshah/status/929315825319796736 

Leading the Blind to Light! – A Chain to RCE

https://blog.zsec.uk/rce-chain/ 

[PoC] LinkedIn IP address disclosure vulnerability

https://medium.com/@xc0d3rz/ip-address-disclosure-vulnerability-in-linkedin-com-5830fb7476b9 

Did Microsoft Just Manually Patch Their Equation Editor Executable? (CVE-2017-11882)

https://0patch.blogspot.ca/2017/11/did-microsoft-just-manually-patch-their.html 

SpookFlare – Meterpreter Loader Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures

http://www.kitploit.com/2017/11/spookflare-meterpreter-loader-generator.html 

Enigma – Multiplatform Payload Dropper

http://www.kitploit.com/2017/11/enigma-multiplatform-payload-dropper.html 

A primer to reverse engineering Intel FSP

https://puri.sm/posts/primer-to-reverse-engineering-intel-fsp/ 

Application whitelisting bypass: msbuild.exe

https://blog.conscioushacker.io/index.php/2017/11/17/application-whitelisting-bypass-msbuild-exe/ 

PHPMYFAQ 2.9.9 Code Injection

https://cxsecurity.com/issue/WLB-2017110111 

(End)