8月1日-每日安全知识热点

 

资讯类:


越南机场遭自称中国黑客攻陷 屏幕显示:南海是中国的

http://bobao.360.cn/news/detail/3388.html

QRLJacking攻击能够绕过任何基于QR登录的系统

http://news.softpedia.com/news/qrljacking-can-bypass-any-qr-login-system-506818.shtm

DNC黑客行动被发现使用中国的开源工具

http://news.softpedia.com/news/malware-used-in-dnc-hack-has-roots-in-chinese-open-source-tool-506773.shtml?utm_content=buffer018ce&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffe


技术类:

欺骗FreeDNS使用重定向流量到恶意站点

https://blog.sucuri.net/2016/07/fake-freedns-used-to-redirect-traffic-to-malicious-sites.html

www.google.com开启了HTFS,阻止中间人降级攻击(https->http)

https://security.googleblog.com/2016/07/bringing-hsts-to-wwwgooglecom.html

有关 Pokemon Go!游戏的hacking以及反向工程资源收集

https://blog.bugcrowd.com/big-bugs-podcast-episode-hacking-pokemon-go

Hacking Google for fun and profit

https://introvertmac.wordpress.com/2016/07/30/hacking-google-for-fun-and-profit/

高频率的security bughunting: 120天发现120个bug

https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/

Hacking Imgur for Fun and Profit

https://medium.com/@nmalcolm/hacking-imgur-for-fun-and-profit-3b2ec30c9463#.55iskvpb2

APT组织和行动的spreadsheets

https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit?pref=2&pli=1#gid=361554658

DLL后门技术:第二部分,第三部分

http://www.gironsec.com/blog/2016/07/backdooring-dlls-part-2/

http://www.gironsec.com/blog/2016/07/backdooring-dlls-part-3/ 


解包分析另一款.net加密器

https://blog.malwarebytes.com/threat-analysis/2016/07/unpacking-yet-another-net-crypter/

介绍反向工程DXE驱动

https://www.lse.epita.fr/data/lt/2016-02-09/slides/lt-2016-02-09-Bruno%20Pujos-RE%20DXE.pdf

Firefox本地文件泄露以及同源策略绕过

http://leucosite.com/FireFox-LFD-and-SOP-Bypass/

在linux shellcode中实现nasm标准库

https://scorchsecurity.wordpress.com/2016/07/31/nasm-and-friends/

使用APKiD检测私有和恶意的andorid app

https://rednaga.github.io/2016/07/31/detecting_pirated_and_malicious_android_apps_with_apkid/ 


ss7MAPer – A SS7 渗透测试工具集

https://www.insinuator.net/2016/02/ss7maper-a-ss7-pen-testing-toolkit/

反向工程native Apps劫持网络流量

http://nickfishman.com/post/50557873036/reverse-engineering-native-apps-by-intercepting-network

 

数据库泄露信息:

迪斯尼Playdom论坛被黑,数据泄露

http://news.softpedia.com/news/disney-playdom-forums-suffer-data-breach-506823.shtml

国内热词:

猎网平台 [话筒]#猎网平台1岁啦# 为进一步提升警方打击网络诈骗能力,推进反诈骗各方的合作共享,北京网安与360公司联合正式发布猎网联盟!


曾经知名的FlashGet(网际快车)网站已关闭,据迅雷创始人回忆,当年迅雷被网际快车压制的时候,网际快车创始人侯延堂迷恋魔兽世界,停止更新软件长达一年。最终,侯延堂以1000万元的价格将网际快车卖给了ZCOM公司

查看原文