【知识】11月20日 - 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:安全研究人员已经成功破解亚马逊锁、Github开始警告用户有漏洞的依赖库、yotter——信息泄露检测发现脚本、CVE-2017-1081:FreeBSD IPFilter UAF漏洞、CVE-2017-6168:BIG-IP SSL漏洞Java反序列化Payload之JRE8u20、Cyberbees攻击:自学习网络或许会替代僵尸网络

 

 

 

 

资讯类:

 

 

 

 

 

 

 

安全研究人员已经成功破解亚马逊锁

http://securityaffairs.co/wordpress/65725/hacking/amazon-key-de-authentication-attack.html

 

Cryptomix勒索软件短时间内新变种出现

http://securityaffairs.co/wordpress/65716/malware/cryptomix-ransomware-2.html

 

Github开始警告用户有漏洞的依赖库

http://securityaffairs.co/wordpress/65669/security/github-alerts-flawed-libraries.html

 

安卓漏洞导致攻击者可记录音频或屏幕

https://www.bleepingcomputer.com/news/security/android-bug-lets-attackers-record-audio-and-screen-activity-on-3-of-4-smartphones/

 

 

 

技术类:

 

 

 

 

 

 

 

 

SDR与RF信号分析

https://www.elttam.com.au/blog/intro-sdr-and-rf-analysis/

 

安卓逆向:反编译与代码注入

http://www.syssec-project.eu/m/page-media/158/syssec-summer-school-Android-Code-Injection.pdf

 

通过安全网络认证检查应用程序完整性安全控制

https://census-labs.com/news/2017/11/17/examining-the-value-of-safetynet-attestation-as-an-application-integrity-security-control/

 

Windows ASLR漏洞

https://www.kb.cert.org/vuls/id/817544

 

yotter——信息泄露检测发现脚本

https://github.com/b3rito/yotter

 

CVE-2017-6168:BIG-IP SSL漏洞

https://support.f5.com/csp/article/K21905460

 

芯片加密漏洞导致身份证安全问题

http://www.zdnet.com/article/id-card-security-spain-is-facing-chaos-over-chip-crypto-flaws/

 

通过Meterpreter攻击Windows

https://www.coengoedegebure.com/hacking-windows-with-meterpreter/

 

 

CVE-2017-1081:FreeBSD IPFilter UAF漏洞

 

https://xorl.wordpress.com/2017/11/19/cve-2017-1081-freebsd-ipfilter-use-after-free/

 

Office DDE检测工具

https://github.com/aserper/DDEtect

 

Java反序列化Payload之JRE8u20

http://bobao.360.cn/learning/detail/4723.html

 

信息安全Cheatsheet合集

https://www.peerlyst.com/posts/the-complete-list-of-infosec-related-cheat-sheets-claus-cramon?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_resource

 

ETERNALRomance与Windows Server 2008

https://samsclass.info/124/proj14/p15xRomance.htm

 

在Oracle数据库中注入后门

https://mahmoudhatem.wordpress.com/2017/11/17/injecting-a-backdoor-in-an-oracle-database/

 

Cyberbees攻击:自学习网络或许会替代僵尸网络

https://www.scmagazine.com/attack-of-the-cyber-bees-self-learning-hivenets-to-replace-botnets-in-2018/article/708131/

 

HXP CTF逆向题目Writeup

http://rce4fun.blogspot.com/2017/11/hxp-ctf-2017-revengeofthezwiebel.html

(完)