【知识】9月16日 - 每日安全知识热点

【知识】9月16日 - 每日安全知识热点

2017-09-16 09:40:32

阅读：587次
点赞(0)
收藏
来源： 安全客







作者：77caikiki






热点概要：音乐视频服务网站Vevo遭OurMine入侵，3.12TB数据被公布、ExpensiveWall：又一个影响420多万Google Play Store用户的Android恶意软件(含分析报告)、逆向英雄联盟客户端、BlueBorne安全威胁浅析、[exploit-db]D-Link DIR8xx Routers多个漏洞、RDP Pivoting with Metasploit

资讯类：

音乐视频服务网站Vevo遭OurMine入侵，3.12TB数据被公布

https://www.hackread.com/ourmine-hacks-video-leaks-data-online/

ExpensiveWall：又一个影响420多万Google Play Store用户的Android恶意软件，Google已移除50个包含恶意代码的app

http://thehackernews.com/2017/09/play-store-malware.html

VMware修复可允许Guest在Host上执行代码的bug

https://threatpost.com/vmware-patches-bug-that-allows-guest-to-execute-code-on-host/127990/

技术类

ExpensiveWall分析报告

https://research.checkpoint.com/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/

https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/

逆向英雄联盟客户端

https://nickcano.com/reversing-league-of-legends-client/

BlueBorne安全威胁浅析

https://duo.com/blog/an-analysis-of-blueborne-bluetooth-security-risks

通过Chrome DLL劫持藏在广告软件包中的盗密码后门

https://www.bleepingcomputer.com/news/security/adware-installs-infostealer-trojan-that-it-loads-via-chrome-dll-hijacking/

ARM exploitation for IoT (Part 2)

https://quequero.org/2017/09/arm-exploitation-iot-episode-2/

传送门 Part 1：

https://quequero.org/2017/07/arm-exploitation-iot-episode-1/

后渗透框架RemoteRecon

https://github.com/xorrior/RemoteRecon

Exploit toolkit for CVE-2017-8759——.NET Framework RCE

toolkit地址：https://github.com/bhdresh/CVE-2017-8759

视频教程：

.NET中绕过UAF

https://offsec.provadys.com/UAC-bypass-dotnet.html

.NET远程处理(Remoting)介绍for Hackers

https://parsiya.net/blog/2015-11-14-intro-to-.net-remoting-for-hackers/

RDP Pivoting with Metasploit

http://www.hackingarticles.in/rdp-pivoting-metasploit/

[exploit-db]D-Link DIR8xx Routers多个漏洞

本地固件上传：https://www.exploit-db.com/exploits/42731/

登录凭证泄露：https://www.exploit-db.com/exploits/42729/

ROOT权限远程代码执行：https://www.exploit-db.com/exploits/42730/

Debug Cisco ASA Tools

https://github.com/nccgroup/asatools

Wiegotcha: 远距离RFID信号窃取

https://github.com/lixmk/Wiegotcha/blob/master/README.md

检测Mimikatz及其他可疑LSASS访问

https://www.eideon.com/2017-09-09-THL01-Mimikatz/

本文由 安全客 原创发布，如需转载请注明来源及本文地址。
本文地址：http://bobao.360.cn/learning/detail/4424.html