7月04日-每日安全知识热点

技术类:


我如何破解一个键盘记录,以及进入攻击者的邮箱的

https://www.trustwave.com/Resources/SpiderLabs-Blog/How-I-Cracked-a-Keylogger-and-Ended-Up-in-Someone-s-Inbox/




EMET对阻击Non-Explations使用的有效性

https://www.okta.com/blog/2016/07/the-emet-serendipity-emets-ineffectiveness-against-non-exploitation-uses/




hashcat 3.0发布 [集成hashcat和oclhash到一个项目]

https://hashcat.net/forum/thread-5559.html




一年针对windows内核字体的fuzzing第二部分

https://googleprojectzero.blogspot.co.il/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html




自定义固件解锁一个健身跟踪设备

http://hackaday.com/2016/07/03/custom-firmware-unlocks-fitness-tracker/




冷静!https不是vpn,https比你想象的隐私保护要少

../../talks/DirkWetter--Calmdown,HTTPSisnotaVPN.pdf




通过内嵌的JSE分发的金融恶意软件

http://payload-security.blogspot.de/2016/07/spyware-delivered-via-embedded-jse-in.html




Ubuntu 16.04 本地root - netfilter target_offset OOB POC

https://www.exploit-db.com/exploits/40049/




OSX keychain取证的艺术,相关代码在https://github.com/n0fate/iChainbreaker

../../wp-content/uploads/2015/08/FIOS-2015-OS-X-Keychain-Forensic-Artifacts.html




传输文件从kali到windows

https://blog.ropnop.com/transferring-files-from-kali-to-windows/




x86-64机器级编程

http://ecee.colorado.edu/ecen4553/fall12/asm64-handout.pdf




构建在LuaJIT上的轻量级SDR框架

http://luaradio.io/




实践android恶意软件分析

https://slides.com/paul38/ndh-2016-android-malware-analysis/live#/




如何使用burp intruder和excel测试基于时间的盲注

https://www.youtube.com/watch?v=Q4j79v8pl5w




From zero to SYSTEM on full disk encrypted windows system

http://www.slideshare.net/NabeelAhmed7/from-zero-to-system-on-full-disk-encrypted-windows-system




使用ProcDOT进行恶意软件分析的视频

https://t.co/pJYMIcmSPN




checkpoint发行的HummingBad研究报告

../../wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf




通过便宜的rtl-sdr设备传输数据

http://www.rtl-sdr.com/an-rtl-sdr-to-rtl-sdr-qso-with-rtl-trx-transmit-rtty-with-the-rtl-sdr/




垃圾邮件包含zip附件,附件里包含恶意js

https://isc.sans.edu/forums/diary/Malicious+spam+with+zip+attachments+containing+js+files/20153/




对amd Radeon RX 480 8GB显卡的介绍

http://www.guru3d.com/articles_pages/amd_radeon_r9_rx_480_8gb_review,1.html?sf30022002=1




RPO Gadgets

http://blog.innerht.ml/rpo-gadgets/




ECB Byte at a Time

https://c0nradsc0rner.wordpress.com/2016/07/03/ecb-byte-at-a-time/




Google Caja沙盒绕过

http://blog.bentkowski.info/2016/07/xss-es-in-google-caja.html




看2个中国人在巴基斯坦安装ATM Skimmer

https://www.hackread.com/chinese-installing-atm-skimmer-in-pakistan/




滥用地铁通信网络

http://www.slideshare.net/moshez/abusing-the-train-communication-network-or-what-could-have-derailed-the-northeast-regional-188




安全shellcode实现

https://labs.mwrinfosecurity.com/blog/safer-shellcode-implants/



资讯类:


1万facebook用户受恶意软件影响

http://www.scmagazine.com/10k-facebook-users-infected-by-malware/article/506963/




通过Telegram bot被黑的2千万伊朗用户

http://en.trend.az/iran/society/2553314.html



数据泄露消息:

匿名者声称放出alibaba的数据库,压缩文件加密的。没法解压。可信度不高