每日安全知识热点

怪狗 2016-7-29 HACK 0 0

        每日安全知识热点

  1、针对zengge wifi灯泡的多种攻击方式

  http://blog.viktorstanchev.com/2015/12/20/the-many-attacks-on-zengge-wifi-lightbulbs/

  2、[MS15-010 / CVE-2015-0057] 本地提权利用

  http://hdwsec.fr/blog/CVE-2015-0057.html

  3、获取wag54g家庭路由器的控制台访问权限

  https://www.elttam.com.au/blog/gaining-console-access-to-the-WAG54G-home-router/

  4、twitter上关于juniper后门的一些讨论,这里是相关的记录,二进制分析 https://github.com/hdm/juniper-cve-2015-7755,老版本的ScreenOS下载https://s3.amazonaws.com/dmk/ns5xt.5.0.0r11.0.zip,https://s3.amazonaws.com/dmk/ns5xt.5.0.0r11.0.zip

  https://www.imperialviolet.org/2015/12/19/juniper.html

  5、挖掘XSS漏洞入门

  http://brutelogic.com.br/blog/probing-to-find-xss/

  6、NOdeGoat:使用Node.js开发的针对owasp top 10 web安全风险的学习环境

  https://github.com/OWASP/NodeGoat

  7、将树莓派ZERO放置在Lapdock 100中

  http://www.h-i-r.net/2015/12/raspberry-pi-zero-inside-lapdock-100.html

  8、使用MJPEG和powershell监控目标用户桌面操作

  http://www.labofapenetrationtester.com/2015/12/stream-targets-desktop-using-mjpeg-and-powershell.html

  9、Foxit针对隐藏多年的Ponmocup僵尸网络的分析ppt

  https://www.botconf.eu/wp-content/uploads/2015/12/OK-P01-Maarten-van-Dantzig-Yonathan-Klijnsma-Ponmocup.pdf

  10、对Inquirer.net网站的input的xss逃逸利用

  https://respectxss.blogspot.de/2015/12/is-escaping-option-there.html

  11、攻击HTTP/2实现

  https://yahoo-security.tumblr.com/post/134549767190/attacking-http2-implementations

  12、有关Tor工作原理的3篇文章

  http://jordan-wright.com/blog/2015/02/28/how-tor-works-part-one/

  http://jordan-wright.com/blog/2015/05/09/how-tor-works-part-two-relays-vs-bridges/

  http://jordan-wright.com/blog/2015/05/14/how-tor-works-part-three-the-consensus/

  13、高级windows debugging

  http://bxi.es/Reversing-Exploiting/Advanced_Windows_Debugging.pdf

  14、HexPADS:一个基于主机的,性能计数器为基础的攻击检测系统

  https://github.com/HexHive/HexPADS

  15、T50:包注入工具

  https://github.com/fredericopissarra/t50

  16、MISP:恶意软件信息分享平台

  https://github.com/MISP/MISP

  17、指纹识别meterpreter反向http(https)会话

  http://x42.obscurechannel.com/?p=197

  18、通过机器学习捕捉恶意软件

  https://blog.cylance.com/hunting-for-malware-with-machine-learning

  19、研究人员发现quantum加密算法存有安全漏洞

  https://www.researchgate.net/blog/post/researchers-find-security-hole-in-quantum-cryptography

  20、CVE-2015-7755: Juniper ScreenOS认证后门分析

  https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor

  21、t2-15挑战writeup

  https://t2.fi/materials/solving-the-t2-15-challenge-winners-view-by-juha-kivekas.pdf

  22、Angler EK最新CVE-2015-8446 Flash Exploit分析

  http://blogs.360.cn/360safe/2015/12/19/angler-ek%E6%9C%80%E6%96%B0cve-2015-8446-flash-exploit%E5%88%86%E6%9E%90/

  23、一个简单的ELASTICSEARCH蜜罐

  http://securityblog.gr/3052/a-simple-elasticsearch-honeypot/

  24、在FreeBSD's bhyve下运行windows

  http://pr1ntf.xyz/windowsunderbhyve.html

原文地址:https://www.77169.com/hack/201512/221161.shtm

转载请注明来自华盟网,本文标题:《每日安全知识热点》

喜欢 (0) 发布评论