[Knowledge] July 6 - Daily Security Knowledge Highlights

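Highlights: Further analysis of the MEDoc backdoor; OWASP Mobile Security Testing Guide (PDF edition); How to defend your website with ZIP bombs (a gzip of a large padded file); Trump bot: a new IoT botnet launching attacks "in Trump's name"; Linux kernel addr_limit bug / exploitation; parse_url returns the wrong hostname in PHP versions below 5.6.28; How the "worm" in the threathunter community was discovered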


News:

Researchers build a firewall to block SS7 attacks

https://www.darkreading.com/mobile/researchers-build-firewall-to-deflect-ss7-attacks/d/d-id/1329272

Technical:

OWASP Mobile Security Testing Guide (PDF edition)

https://www.gitbook.com/download/pdf/book/b-mueller/the-owasp-mobile-security-testing-guide

How to defend your website with ZIP bombs (a gzip of a large padded file)

https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html

Trump bot: a new IoT botnet launching attacks "in Trump's name"

http://mp.weixin.qq.com/s?timestamp=1499303632&src=3&ver=1&signature=HNE3mmvwyg4LnC*nFNwTmCUR684HmwdOGjuBIZPwJfkFIyTmVJXZB5GWnKaSxyhpIQXyE01P-OYUpcCStDvy2WV4FTdwADmuPIASsTzu*Zl1hl2WwROsSs4H1S5QIFdE27QQZG9mWS2MhfA7c3D9*GifL3*vVag5AJhNAzOra5Y=

You keep hearing people talk about encryption algorithms; here is a chance to understand them in depth

http://www.freebuf.com/articles/database/138734.html

A look at WeChat security through building a "multi-instance WeChat"

https://segmentfault.com/a/1190000010059631

Hardware Forensic Database

http://hfdb.io

Zeus: an AWS auditing and hardening tool

https://github.com/DenizParlak/Zeus

PSAttack: a framework that bundles all the penetration-testing PowerShell scripts

http://pentestit.com/psattack-offensive-powershell-console/

Linux kernel addr_limit bug / exploitation

https://www.youtube.com/watch?v=UFakJa3t8Ls

VirtualAPK: a powerful yet lightweight plugin framework for Android that can dynamically load and run APKs.

https://github.com/didi/VirtualAPK

SLocker mobile ransomware resurfaces with a WannaCry-like interface

http://blog.trendmicro.com/trendlabs-security-intelligence/slocker-mobile-ransomware-starts-mimicking-wannacry/

Further analysis of the MEDoc backdoor

http://blog.talosintelligence.com/2017/07/the-medoc-connection.html

YARA rule for TeleDoor

https://github.com/Neo23x0/signature-base/blob/master/yara/crime_teledoor.yar

parse_url returns the wrong hostname in PHP < 5.6.28

https://bugs.php.net/bug.php?id=73192

Large-scale CORS misconfigurations and a detection tool

http://web-in-security.blogspot.de/2017/07/cors-misconfigurations-on-large-scale.html

Exploiting misconfigured CORS via wildcard subdomains

http://www.geekboy.ninja/blog/exploiting-misconfigured-cors-via-wildcard-subdomains/

Anonymous SQL execution in Oracle Advanced Support

https://blog.netspi.com/anonymous-sql-execution-oracle-advanced-support/

Clustering Emdivi malware with neo4j

http://blog.jpcert.or.jp/2017/07/clustering-malw-5a14.html

Attacking CMSes with XSS (using well-known CMSes as examples)

http://brutelogic.com.br/blog/compromising-cmses-xss/

YARA 3.6.3 released, fixing multiple bugs

https://github.com/VirusTotal/yara/releases

How the "worm" in the threathunter community was discovered

https://threathunter.org/topic/595356f7690b1b2a52c7a045

LepideAuditor Suite remote code execution

https://www.offensive-security.com/vulndev/auditing-the-auditor/

(End)