12月9日安全热点

image

资讯类

Apple HomeKit现漏洞,黑客可控制大门与灯光

http://www.bbc.com/news/technology-42283401

18年最大的安全风险可能集中在区块链和机器学习
http://www.valuewalk.com/2017/12/biggest-cybersecurity-risks-2018/

Annoymous攻击以色列并威胁美国政府

http://securityaffairs.co/wordpress/66491/hacktivism/opisrael-opus-anonymous.html

技术类

Linux Exploitation从入门到入狱
https://github.com/nnamon/linux-exploitation-course

约会应用也不放过?绕过IDOR

http://blog.gaurangbhatnagar.com/2017/12/02/Hacking-a-dating-app.html

P4wnp1 nexmon additions

https://github.com/mame82/P4wnP1_nexmon_additions

此前提到的AVGater,我们真的应该担心嘛

https://securingtomorrow.mcafee.com/mcafee-labs/should-i-worry-about-avgater-which-exploits-some-security-products/

macOS平台新的恶意软件——HiddenLotus

https://blog.malwarebytes.com/threat-analysis/2017/12/interesting-disguise-employed-by-new-mac-malware/amp/

QNX QNet提权漏洞分析

https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet

macOS中不安全的cron

https://m4.rkw.io/blog/macos-high-sierra-10131-insecure-cron-system.html

Mr.Robot Disassembled

https://medium.com/@ryankazanciyan/mr-robot-disassembled-eps3-8-stage3-torrent-8b80e14fc6fb

黑掉了Whatsapp内心毫无波动甚至还往群里添加了联系人

https://www.linkedin.com/pulse/hacking-whatsapp-adding-contacts-groups-when-being-blocked-shprinz/

OSCP课程介绍

https://411hall.github.io/OSCP-Preparation/

跟踪事件日志的分析

http://blog.jpcert.or.jp/2017/12/research-report-released-detecting-lateral-movement-through-tracking-event-logs-version-2.html

使用不同的模糊测试暴露出程序语言的隐藏利用面

https://www.blackhat.com/docs/eu-17/materials/eu-17-Arnaboldi-Exposing-Hidden-Exploitable-Behaviors-In-Programming-Languages-Using-Differential-Fuzzing-wp.pdf


为您推荐了相关的技术文章:

  1. unserialize() 实战之 vBulletin 5.x.x 远程代码执行
  2. Kaggle初探--房价预测案例之数据分析
  3. 一篇文章走进Mac逆向的世界
  4. S2-017重现过程
  5. 通过Netflow进行攻击AS溯源

原文链接: www.anquanke.com