4月5日-每日安全知识热点

http://p0.qhimg.com/t01f7ef32da341925d2.jpg

1、Quanta LTE 路由器多个漏洞

https://pierrekim.github.io/blog/2016-04-04-quanta-lte-routers-vulnerabilities.html


2、Domino's app订购pizza时,付费漏洞

http://www.ifc0nfig.com/dominos-pizza-and-payments/


3、获取outlook,office或Azure账号的登陆token

https://whitton.xyz/articles/obtaining-tokens-outlook-office-azure-account/


4、TLS客户端陷阱

https://lukasa.co.uk/2016/04/In_Response_To_Sucuri/


5、(CVE-2016-2345)   Dameware Mini Remote Control漏洞分析

https://www.securifera.com/blog/2016/04/03/fun-with-remote-controllers-dameware-mini-remote-control-cve-2016-2345/


6、在android市场top 15000的app程序大概有135000个潜在的漏洞

https://blog.vulners.com/hackapp-indexed-135-000-potential-vulnerabilities-in-13000-android-applications/


7、FreeBSD / OpenBSD x64 的shellcode

https://odzhan.wordpress.com/2016/04/03/x64-shellcodes-bsd/


8、Trooperscon 2016 安全会议视频

https://www.youtube.com/user/trooperscon?app=desktop


9、Locky恶意欺诈软件的感染过程分析

http://www.welivesecurity.com/2016/04/04/analysis-of-the-locky-infection-process/


10、mips架构的缓冲区利用

https://www.exploit-db.com/docs/39658.pdf


11、通过中间人捕捉NETLINK通信

http://dtucker.co.uk/hack/taming-netlink.html


12、IOS远程热补丁的收益与风险

https://www.fireeye.com/blog/threat-research/2016/04/rollout_or_not_the.html


13、bugcrowd csv注入漏洞

http://www.securityfocus.com/archive/1/537963


14、Tomcat7加固手册

https://www.ernw.de/download/hardening/ERNW_Checklist_Tomcat7_Hardening.pdf


15、Pwncloud:Owncloud加密模块的弱加密

https://blog.hboeck.de/archives/880-Pwncloud-bad-crypto-in-the-Owncloud-encryption-module.html


16、在linux下枚举bitlocker卷

http://blog.airbuscybersecurity.com/post/2016/01/Mounting-Bitlocker-Volumes-Under-Linux


17、在32/64位linux上利用Pax ASLR弱点

https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems.pdf


18、使用apt-get安装GSM网络

http://laforge.gnumonks.org/blog/20160328-osmocom-in-debian/


19、linux上的动态跟踪工具

https://iovisor.github.io/bcc/


20、CVE-2015-1805 漏洞分析

http://blog.trendmicro.com/trendlabs-security-intelligence/critical-cve-2015-1805-vulnerability-allows-permanent-rooting-android-phones/


21、WhatsPwn:在andorid上提取敏感数据。注入后门的工具

https://github.com/jlrodriguezf/WhatsPwn


22、能够在arm架构上生成elf的C编译器

https://github.com/jserv/amacc


23、对x86平台的c函数打热补丁

http://nullprogram.com/blog/2016/03/31/


24、防止反向工程native和managerd程序

https://jyx.jyu.fi/dspace/bitstream/handle/123456789/47956/978-951-39-6437-5_vaitos15122015.pdf?sequence=1


25、如何hack选举

http://www.bloomberg.com/features/2016-how-to-hack-an-election/

免责声明:文章内容不代表本站立场,本站不对其内容的真实性、完整性、准确性给予任何担保、暗示和承诺,仅供读者参考,文章版权归原作者所有。如本文内容影响到您的合法权益(内容、图片等),请及时联系本站,我们会及时删除处理。查看原文

为您推荐