

Domestic trending topics:


Annual profits from Internet ransomware estimated to reach US$946,000

Ford and Baidu jointly invest US$150 million in a lidar company

NSA hacked; this could become a second Hacking Team incident

News:


Pokémon GO-themed ransomware appears on the Windows platform

http://news.softpedia.com/news/pokemon-go-ransomware-installs-windows-admin-backdoor-account-507295.shtml

Snowden believes Russia was behind the NSA hack

http://www.theinquirer.net/inquirer/news/2468097/nsa-hack-and-auction-a-warning-from-russia-says-edward-snowden

Confirmed: the leaked hacking tools came from the "omnipotent" NSA group

http://arstechnica.com/security/2016/08/code-dumped-online-came-from-omnipotent-nsa-tied-hacking-group/

Technical:


Demo of the Equation Group tool that disables password authentication on Cisco ASA

https://xorcatt.wordpress.com/2016/08/16/equationgroup-tool-leak-extrabacon-demo/

Do not use short IDs: a fake Linus Torvalds public key has been found

https://lkml.org/lkml/2016/8/15/445

A Shadow of our Former Self

https://googleprojectzero.blogspot.com/2016/08/a-shadow-of-our-former-self.html

Analyzing an EK-EK Flash file

https://pcsxcetrasupport3.wordpress.com/2016/08/16/a-look-at-a-cross-bred-neutrino-ek-rig-ek-flash-file/

OSINT: harvesting WHOIS data

https://webbreacher.com/2016/08/09/harvesting-whois-data-for-osint/

Catching an APT: YARA

https://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/To-Catch-an-APT-YARA-Jay-DiMartino.pdf

Format string exploitation: overwriting the GOT

https://www.youtube.com/watch?v=t1LH9D5cuK4

Build your own Arduino-based GPS navigation system

http://www.seeed.cc/project_detail.html?id=1818

YARA rules for the EQGRP (Equation Group) toolset

https://github.com/Neo23x0/signature-base/blob/master/yara/apt_eqgrp.yar

VXWORKS: EXECUTE MY PACKETS

http://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/

An open-source script for computing a variety of different cryptographic hash algorithms

https://github.com/Miserlou/omnihash

SAP Hybris E-commerce Suite VirtualJDBC default account

http://seclists.org/bugtraq/2016/Aug/125

Tool for decrypting Cerber ransomware versions 1 and 2

https://www.cerberdecrypt.com/RansomwareDecryptionTool/

YAWAST: a web security testing tool

https://github.com/adamcaudill/yawast

Writeups for PAN #Labyrenth CTF Mobile levels 1, 2 & 3

https://github.com/uafio/git/blob/master/scripts/labyREnth-2016/labyrenth-2016-mobile-1.txt

https://github.com/uafio/git/blob/master/scripts/labyREnth-2016/labyrenth-2016-mobile-2.py

Writeups for PAN #Labyrenth CTF Docs levels 1, 2, 3

https://github.com/uafio/git/blob/master/scripts/labyREnth-2016/labyrenth-2016-docs-2.py

https://github.com/uafio/git/blob/master/scripts/labyREnth-2016/labyrenth-2016-docs-1.py

https://github.com/uafio/git/blob/master/scripts/labyREnth-2016/labyrenth-2016-docs-4.py

Fuzzing IOCTLs with angr

http://thunderco.re/project/security/2016/07/18/fuzzing-ioctls/

E-mails of OSTIF, QuarksLab, and VeraCrypt have been hijacked

https://ostif.org/ostif-quarklab-and-veracrypt-e-mails-are-being-intercepted/

SQL injection PoC for Zabbix 2.2.x, 3.0.x

https://www.exploit-db.com/exploits/40237/


Original article link: https://www.anquanke.com/post/id/84403