热点概要:中国研究人员利用机器学习识别 Tor 和 Shadowsock 流量、Google Home Mini因硬件问题自动记录上传用户音频信息、Pornhub CSV注入漏洞、Windows hooks检测 、AWS安全最佳实践[eBook]、AWS安全最佳实践[eBook]、Radium:Python键盘记录
国内热词(以下内容部分来自:http://www.solidot.org/ )
中国研究人员利用机器学习识别 Tor 和 Shadowsock 流量
微软如何避免成为下一个IBM
资讯类:
美国不惜拉以色列黑客为其站台指责卡巴斯基:贼喊捉贼越描越黑
https://thehackernews.com/2017/10/kaspersky-nsa-russian-hackers.html
Google Home Mini因硬件问题自动记录上传用户音频信息
技术类:
Pornhub CSV注入漏洞
攻击Ethereum Smart Contracts
https://www.cryptologie.net/article/423/attacks-on-ethereum-smart-contracts/
网络安全、渗透测试学习资料整理
https://github.com/vitalysim/Awesome-Hacking-Resources
数以千计的存在漏洞的Magento网上商店
https://blog.detectify.com/2017/10/10/thousands-of-vulnerable-magento-web-stores-out-there/
Windows hooks检测
https://shiftlock.wordpress.com/2011/06/22/windows-hooks-detector/
Outlook Home Page – Another Ruler Vector
https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
AWS安全最佳实践[eBook]
https://www.sqreen.io/resources/aws-security-best-practices
STEM CTF 2017 Writeup
https://tobloef.com/ctf/mitre-ctf-2017
Kernel Exploitation:Razer rzpnk.sys中的逻辑错误
http://www.fuzzysecurity.com/tutorials/expDev/23.html
Bypassing SACL Auditing on LSASS
https://tyranidslair.blogspot.co.uk/2017/10/bypassing-sacl-auditing-on-lsass.html
Radium:Python键盘记录
https://n0where.net/python-keylogger-radium/
演示视频:https://www.youtube.com/watch?v=T0h_427L8u4&feature=youtu.be
Reverse engineering malware: TrickBot (part 3 – core)
https://qmemcpy.io/post/reverse-engineering-malware-trickbot-part-3-core
Rick and Morty episode? Nope, another CoinMiner
https://bartblaze.blogspot.com/2017/10/rick-and-morty-episode-nope-another.html