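Highlights: analysis of the OpenSSL ChaCha20-Poly1305 heap overflow (CVE-2016-7054), the Tropic Trooper APT group targeting the Taiwanese government and energy companies, a security audit report on cURL, an InPage 0day exploit used to attack Asian financial institutions, and a PuTTY PSCP remote code execution vulnerability (CVE-2016-2563)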

Trending topics in China:


VPN providers seek to thwart the UK's internet history records law

Ransomware abusing the Telegram API has been cracked

Microsoft joins the Linux Foundation while collecting Linux patent fees

Tor phone "defuses" Google's "hostility" toward Android

A malicious video link can cause any iOS device to freeze

Facebook develops a dedicated censorship tool for entering China

News:


Hackers can eavesdrop on a victim's computer through headphones

http://bestsecuritysearch.com/hackers-can-eavesdrop-victims-via-headphones/

Technical:


Analysis of the OpenSSL ChaCha20-Poly1305 heap overflow (CVE-2016-7054)

https://blog.fortinet.com/2016/11/23/analysis-of-openssl-chacha20-poly1305-heap-buffer-overflow-cve-2016-7054

Slides from Kiwicon: GPS spoofing

https://zxsecurity.co.nz/presentations/201611_Kiwicon-ZXSecurity_GPSSpoofing_LetsDoTheTimewarpAgain.pdf

Testing AS/400 for default accounts

https://milo2012.wordpress.com/2014/12/07/test-as400-for-default-credentials/

macOS security practices

https://github.com/drduh/macOS-Security-and-Privacy-Guide

vim/neovim: arbitrary command execution (CVE-2016-1248)

http://seclists.org/oss-sec/2016/q4/506

tlsenum: an open-source project for enumerating TLS cipher suites

https://github.com/Ayrx/tlsenum

Java deserialization security explained through examples

http://techshow.ctrip.com/archives/1414.html

(Bonus) PuTTY PSCP remote code execution vulnerability (CVE-2016-2563)

http://whereisk0shl.top/post/2016-11-23

I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel – ZeroNights 2016

https://github.com/IOActive/I-know-where-your-page-lives

Implementing a .NET patcher with dnlib

https://github.com/ioncodes/dnpatch

InPage 0day exploit used to attack Asian financial institutions

https://securelist.com/blog/research/76717/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia/

Slides from ZeroNights 2016: symbolic execution for BIOS security

https://github.com/REhints/Publications/tree/master/Conferences/ZeroNights_2016

Securing Drupal with ModSecurity and the Core Rule Set

https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-the-core-rule-set-crs3/

Python Security Auditing (V): Runtime Code Analysis Tool

https://www.cdxy.me/?p=750

Acunetix Web Vulnerability Scanner v11 released

http://www.acunetix.com/blog/news/acunetix-v11-integrates-vulnerability-management/

brutal: an open-source project that generates various payloads for Teensy devices

https://github.com/screetsec/brutal

Intercepting passwords with Empire

https://sensepost.com/blog/2016/intercepting-passwords-with-empire-and-winning/

Security audit report on cURL

https://wiki.mozilla.org/images/a/aa/Curl-report.pdf

Video on SEH + pivots + ROP stack exploitation techniques on Windows 10

https://www.youtube.com/watch?v=J1Dt8pIe1RE

Spreading malware through compromised Microsoft OneDrive accounts

https://blogs.forcepoint.com/security-labs/compromised-microsoft-onedrive-business-accounts-used-spread-malware

TeleCrypt: ransomware abusing the Telegram API

https://blog.malwarebytes.com/threat-analysis/2016/11/telecrypt-the-ransomware-abusing-telegram-api-defeated/

The Tropic Trooper APT group targeting the Taiwanese government and energy companies; this is the technical analysis from Palo Alto Networks

http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/

http://securityaffairs.co/wordpress/53698/breaking-news/tropic-trooper-campaign.html

Original article link: https://www.anquanke.com/post/id/84977