12月9日安全热点 - Homekit漏洞/Anonymous攻击以色列

 

资讯类

Apple HomeKit现漏洞，黑客可控制大门与灯光

http://www.bbc.com/news/technology-42283401

 

18年最大的安全风险可能集中在区块链和机器学习
http://www.valuewalk.com/2017/12/biggest-cybersecurity-risks-2018/

 

Annoymous攻击以色列并威胁美国政府

http://securityaffairs.co/wordpress/66491/hacktivism/opisrael-opus-anonymous.html

 

技术类

Linux Exploitation从入门到入狱
https://github.com/nnamon/linux-exploitation-course

 

约会应用也不放过？绕过IDOR

http://blog.gaurangbhatnagar.com/2017/12/02/Hacking-a-dating-app.html

 

P4wnp1 nexmon additions

https://github.com/mame82/P4wnP1_nexmon_additions

 

此前提到的AVGater，我们真的应该担心嘛

https://securingtomorrow.mcafee.com/mcafee-labs/should-i-worry-about-avgater-which-exploits-some-security-products/

 

macOS平台新的恶意软件——HiddenLotus

https://blog.malwarebytes.com/threat-analysis/2017/12/interesting-disguise-employed-by-new-mac-malware/amp/

 

QNX QNet提权漏洞分析

https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet

 

macOS中不安全的cron

https://m4.rkw.io/blog/macos-high-sierra-10131-insecure-cron-system.html

 

Mr.Robot Disassembled

https://medium.com/@ryankazanciyan/mr-robot-disassembled-eps3-8-stage3-torrent-8b80e14fc6fb

 

黑掉了Whatsapp内心毫无波动甚至还往群里添加了联系人

https://www.linkedin.com/pulse/hacking-whatsapp-adding-contacts-groups-when-being-blocked-shprinz/

 

OSCP课程介绍

https://411hall.github.io/OSCP-Preparation/

 

跟踪事件日志的分析

http://blog.jpcert.or.jp/2017/12/research-report-released-detecting-lateral-movement-through-tracking-event-logs-version-2.html

 

使用不同的模糊测试暴露出程序语言的隐藏利用面

https://www.blackhat.com/docs/eu-17/materials/eu-17-Arnaboldi-Exposing-Hidden-Exploitable-Behaviors-In-Programming-Languages-Using-Differential-Fuzzing-wp.pdf