互联网每日安全知识热点。
百度移动搜索昨晚无法正常使用
中国警方据称使用声纹识别发现诈骗者
Mozilla 收购 Pocket
资讯类:
CloudPets 泰迪熊玩具泄露数百万语音信息和密码
http://thehackernews.com/2017/02/iot-teddy-bear.html
波音公司的员工于去年年底泄露了36000名同事的个人信息
http://securityaffairs.co/wordpress/56736/data-breach/boeing-data-leak.html
技术类:
通过web蓝牙黑掉独角兽玩具
https://www.contextis.com/resources/blog/hacking-unicorns-web-bluetooth/
QEMU:virtfs允许guest访问整个主机文件系统
https://bugs.chromium.org/p/project-zero/issues/detail?id=1035
Chakra.dll漏洞和现代缓解技术的局限性
https://www.endgame.com/blog/chakra-exploit-and-limitations-modern-mitigation-techniques
AtomBombing:windows的全新代码注入技术
https://breakingmalware.com/injection-techniques/atombombing-brand-new-code-injection-for-windows/
银行木马Dridex分析,主要使用AtomBombing注入技术
https://securityintelligence.com/dridexs-cold-war-enter-atombombing/
sha1collider:生成两个不同内容但具有相同SHA1的PDF文件
https://github.com/nneonneo/sha1collider
.net逆向第一篇
http://codepool.me/NET-Reverse-Enginering-Part-1/
ESET Endpoint Antivirus 6 root权限的远程代码执行
http://seclists.org/fulldisclosure/2017/Feb/68
C语言中的内存管理:堆和堆栈
http://www.inf.udec.cl/~leo/teoX.pdf
https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-s096-introduction-to-c-and-c-january-iap-2013/lectures-and-assignments/c-memory-management/MIT6_S096_IAP13_lec3.pdf
在windows10上讲windows kernel shellcode
https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-1
逃逸沙盒技术两个部分
https://www.vmray.com/blog/sandbox-evasion-techniques-part-1/
https://www.vmray.com/blog/sandbox-evasion-techniques-part-2/
使用编码技术的重定向(part-1)
http://www.hackingarticles.in/understanding-redirection-encoding-techniques-part-1/
Cisco ASA防火墙漏洞cve-2016-1287分析和验证
https://blog.exodusintel.com/2016/02/10/firewall-hacking/
https://blog.netspi.com/cisco-asa-remote-code-execution-verifying-cve-2016-1287/
windows内核本地拒绝服务#2win32k!NtDCompositionBeginFrame (Windows 8-10)
http://j00ru.vexillium.org/?p=3151
Mozilla Firefox: use-after-poison in nsStylePadding::GetPadding
https://bugs.chromium.org/p/project-zero/issues/detail?id=1135
Cisco AnyConnect Secure Mobility客户端4.3.04027 - 权限提升漏洞
https://www.exploit-db.com/exploits/41476/
动态IP解决新浪的反爬虫机制,快速抓取内容
https://github.com/szcf-weiya/SinaSpider