
Highlights: a PowerShell framework that bypasses UAC without DLL injection; an analysis of the Tofsee spam botnet; details of CVE-2016-5681, a D-Link RCE vulnerability; POWERSHELL EMPIRE + CVE-2016-0189 = PROFIT

Domestic trending topics:


Twitter CEO posts in support of the #PardonSnowden campaign

Xiaomi can install arbitrary apps on your phone through a backdoor

UK court approves extradition of activist hacker Lauri Love to the US to stand trial

iTunes Store / App Store outages reported in many regions worldwide

News:


35,000 ARRIS cable modems exposed to security risk

http://www.theregister.co.uk/2016/09/15/35000_unpatched_arris_routers_at_risk_from_firmware_dumper_bot/

Technical:


POWERSHELL EMPIRE + CVE-2016-0189 = PROFIT

https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/

Control Flow Enforcement Technology preview

https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

CAPE: a tool for configuration and payload extraction from Cuckoo Sandbox

https://github.com/ctxis/CAPE

Testing SWEET32 with YAWAST

https://adamcaudill.com/2016/09/15/testing-sweet32-yawast/

A PowerShell framework that bypasses UAC without DLL injection

https://github.com/FuzzySecurity/PowerShell-Suite/tree/master/Bypass-UAC

dingo: a caching DNS proxy for Google DNS-over-HTTPS

https://github.com/pforemski/dingo

How to stop using SMBv1 in the enterprise

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

An analysis of the Tofsee spam botnet

https://www.cert.pl/en/news/single/tofsee-en/

The macabre dance of memory chunks

https://thisissecurity.net/2016/09/16/the-macabre-dance-of-memory-chunks/

H-field electromagnetic sniffing

https://labs.mwrinfosecurity.com/blog/h-field-electromagnetic-sniffing/

CVE-2016-5681: D-Link RCE vulnerability details

https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2016/vulntracker_advisory_dlink_rce_vulnerability_cve-2016-5681pdf/

Original article link: https://www.anquanke.com/post/id/84572