热点概要：Opera同步服务被黑公告所有用户修改密码、通过后门闯入加固的服务器、通过松散的域名导入系统接管2万个DigitalOcean域名、Instegogram:通过图像隐写技术利用Instagram为C2

国内热词：

百度移除比特币广告

利用Wi-Fi 信号实现人体识别

资讯类：

Opera同步服务被黑，公告所有用户修改密码

http://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/

匿名黑客黑德意志银行集团的子公司反对镇压

https://www.hackread.com/anonymous-hacks-deutsche-bank-subsidiary/

技术类：

通过后门闯入加固的服务器

http://polynome.co/infosec/inversoft/elasticsearch/linode/penetration-testing/2016/08/16/hack-that-inversoft.html

通过松散的域名导入系统接管2万个DigitalOcean域名

https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html

Keeper密码管理软件的BUG： 可信的UI注入到不可信的页面

https://bugs.chromium.org/p/project-zero/issues/detail?id=917

l0l：exploit开发工具

https://github.com/roissy/l0l

Mozilla出的SSH配置和策略扫描器

https://github.com/mozilla/ssh_scan

64位debugging和WoW64文件系统重定向

http://x64dbg.com/blog/2016/08/27/supporting-wow64-debugging.html

法国地下世界：看黑客彼此互黑

http://blog.trendmicro.com/trendlabs-security-intelligence/when-hackers-hack-each-other-a-staged-affair-in-the-french-underground/

Fuzzing the windows内核

http://gsec.hitb.org/materials/sg2016/D2%20-%20Koh%20Yong%20Chuan%20-%20Fuzzing%20the%20Windows%20Kernel.pdf

黑客在赢得bug奖金后曝光facebook严重漏洞，该漏洞细节在

https://hackernoon.com/how-i-could-have-hacked-multiple-facebook-accounts-d9d335188d9b#.jnuio3atd

https://www.hackread.com/hacker-wins-facebook-bug-bounty/

RIPPER ATM恶意软件和12万泰铢奖金

https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html

对ssl重协商的安全建议

https://blogs.mcafee.com/mcafee-labs/tips-securing-ssl-renegotiation/

metasplitable:面向新手的渗透测试实践技巧

http://www.hackingarticles.in/penetration-testing-skills-practice-metasploitable-beginner-guide/

Instegogram:通过图像隐写技术利用Instagram为C2

https://www.endgame.com/blog/instegogram-leveraging-instagram-c2-image-steganography

文章原文链接:https://www.anquanke.com/post/id/84460