11月09日-每日安全知识热点

http://p2.qhimg.com/t01ee0ded1a480b06ce.jpg

今天是已故互联网之子“aaronswartzday” 29岁生日


Volatility v2.5 发行

http://www.volatilityfoundation.org/

1、joomla CMS 使用了一个不严谨的加密体制

http://www.openwall.com/lists/oss-security/2015/11/08/1

2、HITB 2015 CRYpto 300 Write-up

http://romainthomas.fr/blog/writeup-hitb2015-crypto300.html

3、HTTP逃逸第七部分:幸运数字

http://noxxi.de/research/http-evader-explained-7-lucky-number.html

4、weblogic,websphere,jboss,jenkins,opennms常见漏洞汇总

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/


5、覆写linux/mac/windows的内存函数

https://github.com/ststeiger/FunctionInterception

6、powermemory:一个用powershell写的内存debugger工具

https://github.com/giMini/PowerMemory

7、不使用自动化工具提权

http://resources.infosecinstitute.com/download/post-exploitation-without-automated-tools/

8、POC2015会议的PPT

http://powerofcommunity.net/2015/poc2015_1st.zip

http://powerofcommunity.net/2015/poc2015_2nd.zip


9、通过firemware和hardware攻击hypervisors

http://www.intelsecurity.com/advanced-threat-research/content/AttackingHypervisorsViaFirmware_bhusa15_dc23.pdf

10、exploit开发基础课程

http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/


11、WildNeutron/Morpho #APT: IOCs文件和攻击技术分析

https://www.kudelskisecurity.com/sites/default/files/sphinx_moth_cfc_report.pdf

12、STEGOSPLOIT: OWNED BY A JPG

http://hackaday.com/2015/11/06/stegosploit-owned-by-a-jpg/

13、分析加密PAYLOAD的OFFICE恶意文件

http://blog.didierstevens.com/2015/11/06/analysis-of-an-office-maldoc-with-encrypted-payload-slow-and-clean/

14、如何用死掉的C2隐藏恶意流量

https://www.scriptjunkie.us/2015/11/how-i-used-dead-drop-c2-to-hide-malicious-traffic/


15、checkpoint关于"offline"恶意欺诈软件的分析

http://blog.checkpoint.com/wp-content/uploads/2015/11/Check-Point-Technical-Report-.pdf

16、保护windows网络,阻止pass-the-hash攻击

https://dfirblog.wordpress.com/2015/11/08/protecting-windows-networks-defeating-pass-the-hash/

17、PUTTY发现整形溢出漏洞,请及时更新最新版putty

http://tartarus.org/~simon-git/gitweb/?p=putty-wishlist.git;a=blob_plain;f=data/vuln-ech-overflow;hb=refs/heads/master

18、Fingerprinter:cms指纹识别工具

https://github.com/erwanlr/Fingerprinter

免责声明:文章内容不代表本站立场,本站不对其内容的真实性、完整性、准确性给予任何担保、暗示和承诺,仅供读者参考,文章版权归原作者所有。如本文内容影响到您的合法权益(内容、图片等),请及时联系本站,我们会及时删除处理。查看原文

为您推荐