7月05日-每日安全知识热点

专业:

网络安全审计:运用划得来的机械设备社会实践活动攻击

http://www.synacktiv.fr/ressources/synacktiv_mobile_communications_attacks.pdf

一款开源的电脑上电脑杀毒软件控制模块,用以检测病毒

https://github.com/develbranch/TinyAntivirus

OSTrICa:开源的威协情报搜集综合服务平台

https://github.com/Ptr32Void/OSTrICa

wget 1.17 以及之前版本的随便代码执行安全漏洞poc

https://blogs.securiteam.com/index.php/archives/2701

Windows 7 SP1 x86提权POC  (MS16-014)

https://www.exploit-db.com/exploits/40039/

PowerSploit cheatsheet

https://github.com/HarmJ0y/CheatSheets/blob/master/PowerSploit.pdf

MIRCOP有意行骗手机app的解密工具下载

http://news.softpedia.com/news/free-decrypter-available-for-download-for-mircop-ransomware-505976.shtml?utm_content=bufferf8aa5&utm_medium=social&utm_source=plus.google.com&utm_campaign=buffer

分析vegan anti-BeFF的chrome的扩展避开

https://github.com/beefproject/beef/commit/9e3385cf4c7cb98fe96343117d545415514f94ed

U2F Zero:开源的,可用Google,Openssh,github等服务的物理双银子验证常用工具

https://github.com/conorpp/u2f-zero

在Cpython中编写C编号

https://spacy.io/blog/writing-c-in-cython

开源的PGP进行常用工具,可以在web中运用

https://github.com/henryboldi/felony

BDFProxy 升級,可以可用mitmproxy到v0.17版本

https://github.com/secretsquirrel/BDFProxy

在dell ChromeBook 11 安装kali

http://jerrygamblin.com/2016/07/04/installing-kali-on-a-dell-chromebook-11/

Gootkit木马程序分析

http://www.malekal.com/trojan-gootkit/

Cisco Prime Infrastructure 远程操作代码执行安全漏洞

https://blogs.securiteam.com/index.php/archives/2727

[NDH2K16 2016] [FORENSICS 150 – DRAW ME A SHEEP] WRITE UP

https://0x90r00t.com/2016/07/04/ndh2k16-2016-forensics-150-draw-me-a-sheep-write-up/

有意宣传广告有一定的减少,但是并没有完全消散

https://blog.malwarebytes.com/cybercrime/exploits/2016/07/malvertising-slowing-down-but-not-out/

hashkiller 2016-7月比赛的writeup

https://hashkiller.co.uk/contest/2016-06/contest_2016-07_write-up.pdf

资讯新闻类:

Satana 有意行骗软件加密你计算机的BOOT,阻止你启动

http://news.softpedia.com/news/satana-ransomware-encrypts-your-boot-record-and-prevents-your-pc-from-starting-505933.shtml

想起thinkpad 0day可以避开windows安全系数

http://www.itnews.com.au/news/lenovo-thinkpad-zero-day-bypasses-windows-security-430090?utm_source=feed&utm_medium=rss&utm_campaign=iTnews Security feed&utm_source=twitterfeed&utm_medium=twitter

在yiSpecter和HummingBad恶意软件后的在我国广告商

http://news.softpedia.com/news/chinese-advertiser-behind-yispectre-ios-malware-and-hummingbad-android-malware-505939.shtml?utm_content=buffer88cbd&utm_medium=social&utm_source=plus.google.com&utm_campaign=buffer

黑客技术如何窃取facebook帐户,接着制作假护照

https://www.grahamcluley.com/2016/07/hacker-stole-access-facebook-users-profile-fake-passport/

仅仅48个小时,恶意软件依据facebook散布,感柒一万顾客

http://news.softpedia.com/news/malware-spread-via-facebook-makes-10-000-victims-in-48-hours-505969.shtml

数据信息泄露信息内容:

有的人释放出来twitter的7干万帐户以及yahoo 的五百万

昨日匿名者声称释放出来alibaba的数据库,提供了登陆密码,

顺应是不久前用的原来网易网游的电子邮件拖库出来的,基本信息https://nakedsecurity.sophos.com/2016/02/05/data-breach-in-china-100-million-records-used-to-hack-20-million-taobao-users/