Highlights: never-ending malware: a banking trojan returns to the Play Store; a new wp-vcd attack targeting WordPress; more than 400 of the world's best-known websites record all of your keystrokes; CVE-2017-16544 BusyBox autocompletion vulnerability; CVE-2017-11882 PoC; Intel security patch update; TLS redirection attack; analysis of a new IoT DDoS malware.
News:
Never-ending malware: a banking trojan returns to the Play Store
https://thehackernews.com/2017/11/bankbot-android-malware.html
New wp-vcd attack targeting WordPress
http://securityaffairs.co/wordpress/65800/malware/wordpress-wp-vcd-malware.html
More than 400 of the world's best-known websites record all of your keystrokes
Some TP-Link products sold in Europe did not receive timely firmware updates for KRACK
https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads
Technical:
Attacking uninitialized variables with recursion
https://signal11.io/index.php/2017/11/19/attacking-uninitialized-variables-with-recursion/
Various techniques for downloading a payload and executing code on Windows
Kernel security: dual kernels and kernel separation
http://static.securegoose.org/papers/ccs14.pdf
HXP CTF "Don't Panic" writeup
http://eternal.red/2017/dont_panic-writeup/
SCF files and hash gathering
https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes/
Designing fully undetectable backdoored PE files
https://haiderm.com/fully-undetectable-backdooring-pe-files/
A shell over a DNS channel
https://github.com/sensepost/DNS-Shell
CVE-2017-11882 PoC
https://github.com/embedi/CVE-2017-11882
PowerView's powerful features, part 4
https://posts.specterops.io/the-powerview-powerusage-series-4-e8d408c15c95
Meterpreter getsystem in detail
https://blog.xpnsec.com/becoming-system/
CiSetFileCache TOCTOU security feature bypass
https://bugs.chromium.org/p/project-zero/issues/detail?id=1332
Intel security patch update
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
A sheep in wolf's clothing: analysis of an RCE in HP printers
https://foxglovesecurity.com/2017/11/20/a-sheep-in-wolfs-clothing-finding-rce-in-hps-printer-fleet/
Analysis of the Kaixin exploit kit
http://www.nao-sec.org/2017/11/analyzing-kaixin-exploit-kit.html
Command and control: WMI
https://pentestlab.blog/2017/11/20/command-and-control-wmi/
TLS redirection attack
https://github.com/GrrrDog/TLS-Redirection
Technical analysis of the banking trojan reappearing on the Play Store
Analysis of a new IoT DDoS malware
https://lloydlabs.github.io/post/aes-ddos-analysis-part-1/
SSL hardening: pins and staples
https://depthsecurity.com/blog/pins-and-staples-enhanced-ssl-security
CVE-2017-16544 BusyBox autocompletion vulnerability
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/