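Highlights: a PowerShell framework that bypasses UAC without using DLL injection, an analysis of the Tofsee spam botnet, details of the CVE-2016-5681 D-Link RCE vulnerability, POWERSHELL EMPIRE + CVE-2016-0189 = PROFIT
Trending topics in China:
Twitter CEO posts in support of the #PardonSnowden campaign
Through a backdoor, Xiaomi can install arbitrary apps on your phone
UK court approves the extradition of hacktivist Lauri Love to the United States to stand trial
iTunes Store/App Store service outages in many places worldwide
News:
35,000 ARRIS cable modems are exposed to security risk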
http://www.theregister.co.uk/2016/09/15/35000_unpatched_arris_routers_at_risk_from_firmware_dumper_bot/
Technical:
POWERSHELL EMPIRE + CVE-2016-0189 = PROFIT
https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/
Control-flow Enforcement Technology preview
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
CAPE: a tool for config and payload extraction from Cuckoo Sandbox
https://github.com/ctxis/CAPE
Testing for SWEET32 with YAWAST
https://adamcaudill.com/2016/09/15/testing-sweet32-yawast/
A PowerShell framework that bypasses UAC without using DLL injection
https://github.com/FuzzySecurity/PowerShell-Suite/tree/master/Bypass-UAC
dingo: a caching DNS proxy for Google DNS-over-HTTPS
https://github.com/pforemski/dingo
How to prohibit the use of SMBv1 within an enterprise
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
An analysis of the Tofsee spam botnet
https://www.cert.pl/en/news/single/tofsee-en/
The macabre dance of memory chunks
https://thisissecurity.net/2016/09/16/the-macabre-dance-of-memory-chunks/
H-field electromagnetic sniffing
https://labs.mwrinfosecurity.com/blog/h-field-electromagnetic-sniffing/
CVE-2016-5681: details of the D-Link RCE vulnerability
https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2016/vulntracker_advisory_dlink_rce_vulnerability_cve-2016-5681pdf/
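This article was originally published by 安全客. If you reprint it, please credit the source and this article's address.
Article address: http://bobao.360.cn/news/detail/3562.html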