3月21日-每日安全知识热点

1.ipv6 攻击和防护指导

https://www.sans.org/reading-room/whitepapers/detection/complete-guide-ipv6-attack-defense-33904

2.一组URL schemes bugs测试工具，可以导致safari崩溃或者冻结 

https://github.com/pwnsdx/iOS-URI-Schemes-Abuse-PoC

3.BinDiff 现在可以免费下载了 

https://security.googleblog.com/2016/03/bindiff-now-available-for-free.html

4.网络暗黑世界的“域影”攻击：运营商劫持LOL等客户端海量级挂马 

http://en.wooyun.io/2016/03/16/45.html

5.Crackq GPU 破解api开放，但是破解还需要购买api key 

https://hashcrack.org/crackq

6.hacking Blind (远程，blind rop利用，绕过ASLR,NX等防护措施) 

http://www.scs.stanford.edu/~abelay/pdf/bittau:brop.pdf

7.使用python编写黑客工具第二部分 

http://resources.infosecinstitute.com/hacking-tools-with-python-part-2/

8.ADS(交互数据流)介绍 

https://hshrzd.wordpress.com/2016/03/19/introduction-to-ads-alternate-data-streams/

9.VOIP网络扫描,列举,查点技术 

http://resources.infosecinstitute.com/voip-network-recon-footprinting-scanning-and-enumeration/

10.Cross-Origin Scripting [ HTML5的window.postMessage API不安全使用 ] 

http://brutelogic.com.br/blog/cross-origin-scripting/

11.Xenotix v6.2 发行,BUG修复，增加新的payload和module 

https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework

12.GONGDA恶意软件工具包(exploitpack)通过韩国新闻网站派发恶意软件 

https://www.fireeye.com/blog/threat-research/2016/03/gongda_vs_koreanne.html

13.使用cycript hooking IOS app,使用introspy hooking andorid app在https://www.sensepost.com/blog/2016/android-hooking-with-introspy/ 

https://www.sensepost.com/blog/2016/advanced-cycript-and-substrate/

14.恶意欺诈软件通过垃圾邮件以脚本的方式感染计算机 

http://www.hotforsecurity.com/blog/malicious-scripts-spammed-out-to-infect-computers-with-ransomware-13574.html

15.垃圾邮件发送者滥用美国GOV域名 

http://krebsonsecurity.com/2016/03/spammers-abusing-trust-in-us-gov-domains/

16.对科技做出伟大贡献的5位女性 

https://blogs.mcafee.com/consumer/womens-history-month-5-women-in-stem/

17.5G网络面对的风险与机会 

https://blogs.mcafee.com/mcafee-labs/5g-networks-pose-cyber-risks-opportunities/

18.分析http加密流量识别用户操作系统，浏览器和应用程序 

http://arxiv.org/abs/1603.04865

19.RuleHound：静态分析NIDS规则，发现冗余的，冲突的 

https://rulehound.adventium.com/evaluator/

20.Frida中的Objective-C语法 

https://rotlogix.com/2016/03/20/objective-c-instrumentation-with-frida/

21.Windows NT x64 Syscall tables 

https://github.com/hfiref0x/SyscallTables

22.破解sql server的TDE加密 

http://simonmcauliffe.com/technology/tde/

23.Wildfly 通过filter限制绕过可以导致WEB-INF和META-INF信息泄露 

https://www.exploit-db.com/exploits/39573/

24.简单分析CryptoWall Drop 

http://sketchymoose.blogspot.tw/2016/03/looking-at-cryptowall-drop.html

25.PE和ELF学习第三部分 

http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-3/

26.搭建一个用于数据分析的测试平台 

http://resources.infosecinstitute.com/configuring-a-test-lab-for-data-analysis/

27.分析图片隐写的工具和算法  

http://blog.daniellerch.me/p/stego-tools.htm

本文由 360安全播报 原创发布，如需转载请注明来源及本文地址。
本文地址：http://bobao.360.cn/news/detail/2859.html