http://p8.qhimg.com/t0105eadd526b531a1d.png


热点概要:黑客可以利用智能插座关闭关键系统、通过非认证SMB实现对D-Link NAS设备的存储型XSS、Elcomsoft Phone Breaker 6.0 可以解密FileVault 2、使用Radare2进行反向工程第二部分、windows 8.1上的CVE-2014-4113利用分析 

国内热词:

Facebook如何打压民主

调查称超七成网民信息泄露

FBI扣押的Megaupload.org域名被劫持展示色情广告

资讯类:

FBI警告黑客将攻击电子投票系统

http://www.theregister.co.uk/2016/08/29/fbi_warns_attacks_on_election_systems/

黑客向你演示如何使用NSA工具解锁你的笔记本

https://motherboard.vice.com/read/hacker-unlock-a-laptop-nsa-tool-slotscreamer

幽灵小队关闭以色列总理,以色列银行网站

https://www.hackread.com/ghost-squad-attacks-israeli-prime-minister-site/

 

技术类:

Google如何欺骗广告商

https://medium.com/@nesovok/the-three-hottest-states-for-real-estate-investing-in-2016-54f7e96f8710

针对说德语用户的垃圾邮件邮件木马Ozone

http://news.softpedia.com/news/spam-delivers-new-ozone-rat-507738.shtml

基于被入侵指标的入侵检测最佳实践和Windows事件日志

http://www.thinkmind.org/index.php?view=article&articleid=icimp_2016_2_20_30032

SSF:安全套接字隧道

https://securesocketfunneling.github.io/ssf/#home

checkpoint发行PHP-7的反序列化漏洞报告

http://blog.checkpoint.com/2016/08/26/web-scripting-language-php-7-vulnerable-to-remote-exploits/

windows 8.1上的CVE-2014-4113利用分析

https://labs.bluefrostsecurity.de/publications/2016/01/07/exploiting-cve-2014-4113-on-windows-8.1/

CaptainHook :基于capstone反汇编引擎的hooking框架

https://github.com/shmuelyr/CaptainHook

使用Radare2进行反向工程第二部分

https://www.insinuator.net/2016/08/reverse-engineering-with-radare2-part-2/

Elcomsoft Phone Breaker 6.0 可以解密 FileVault 2, 下载icloud照片

http://www.forensicfocus.com/News/article/sid=2723/

最新版的 Ursnif 使用TOR作为CC隧道

https://www.proofpoint.com/us/threat-insight/post/new-ursnif-variant-dreambot-adds-tor-functionality

D-Link NAS, DNS 系列:通过非认证SMB实现存储型XSS

http://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html

黑客可以利用智能插座关闭关键系统

https://labs.bitdefender.com/2016/08/hackers-can-use-smart-sockets-to-shut-down-critical-systems/

Apple OS X IOHIDFamily 堆溢出导致的提权漏洞

http://www.zerodayinitiative.com/advisories/ZDI-16-494/

从哈利波特中学习到的安全课程

http://blog.totallynotmalware.net/?p=206

通过时间检测SSH登录失败尝试

http://capstarforensics.com/?p=775

基于浏览器的指纹识别

https://blog.malwarebytes.com/cybercrime/exploits/2016/08/browser-based-fingerprinting-implications-and-mitigations/amp/

最简单的方式绕过XSS缓解

http://brutelogic.com.br/blog/the-easiest-way-to-bypass-xss-mitigations/

通过拖回来的数据分析部分Rig Exploit Kit的代码

https://pcsxcetrasupport3.wordpress.com/2016/08/29/pulling-apart-rig-exploit-kit/

#LabyREnth CTF #Writeups – Random track

https://0xec.blogspot.de/2016/08/labyrenth-ctf-writeup-random-track.html

对PSVita的反向工程

http://st4rk.net/2016/08/29/henkaku-ps-vita-ctf-reverse-engineering/

文章原文链接:https://www.anquanke.com/post/id/84469