12月21日-每日安全知识热点

1、针对zengge wifi灯泡的多种攻击方式

http://blog.viktorstanchev.com/2015/12/20/the-many-attacks-on-zengge-wifi-lightbulbs/

2、[MS15-010 / CVE-2015-0057] 本地提权利用

http://hdwsec.fr/blog/CVE-2015-0057.html

3、获取wag54g家庭路由器的控制台访问权限

https://www.elttam.com.au/blog/gaining-console-access-to-the-WAG54G-home-router/

4、twitter上关于juniper后门的一些讨论,这里是相关的记录,二进制分析 https://github.com/hdm/juniper-cve-2015-7755,老版本的ScreenOS下载https://s3.amazonaws.com/dmk/ns5xt.5.0.0r11.0.zip,https://s3.amazonaws.com/dmk/ns5xt.5.0.0r11.0.zip

https://www.imperialviolet.org/2015/12/19/juniper.html

5、挖掘XSS漏洞入门

http://brutelogic.com.br/blog/probing-to-find-xss/

6、NOdeGoat:使用Node.js开发的针对owasp top 10 web安全风险的学习环境

https://github.com/OWASP/NodeGoat

7、将树莓派ZERO放置在Lapdock 100中

http://www.h-i-r.net/2015/12/raspberry-pi-zero-inside-lapdock-100.html

8、使用MJPEG和powershell监控目标用户桌面操作

http://www.labofapenetrationtester.com/2015/12/stream-targets-desktop-using-mjpeg-and-powershell.html

9、Foxit针对隐藏多年的Ponmocup僵尸网络的分析ppt

https://www.botconf.eu/wp-content/uploads/2015/12/OK-P01-Maarten-van-Dantzig-Yonathan-Klijnsma-Ponmocup.pdf

10、对Inquirer.net网站的input的xss逃逸利用

https://respectxss.blogspot.de/2015/12/is-escaping-option-there.html

11、攻击HTTP/2实现

https://yahoo-security.tumblr.com/post/134549767190/attacking-http2-implementations

12、有关Tor工作原理的3篇文章

http://jordan-wright.com/blog/2015/02/28/how-tor-works-part-one/

http://jordan-wright.com/blog/2015/05/09/how-tor-works-part-two-relays-vs-bridges/

http://jordan-wright.com/blog/2015/05/14/how-tor-works-part-three-the-consensus/

13、高级windows debugging

http://bxi.es/Reversing-Exploiting/Advanced_Windows_Debugging.pdf

14、HexPADS:一个基于主机的,性能计数器为基础的攻击检测系统

https://github.com/HexHive/HexPADS

15、T50:包注入工具

https://github.com/fredericopissarra/t50

16、MISP:恶意软件信息分享平台

https://github.com/MISP/MISP

17、指纹识别meterpreter反向http(https)会话

http://x42.obscurechannel.com/?p=197

18、通过机器学习捕捉恶意软件

https://blog.cylance.com/hunting-for-malware-with-machine-learning

19、研究人员发现quantum加密算法存有安全漏洞

https://www.researchgate.net/blog/post/researchers-find-security-hole-in-quantum-cryptography

20、CVE-2015-7755: Juniper ScreenOS认证后门分析

https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor

21、t2-15挑战writeup

https://t2.fi/materials/solving-the-t2-15-challenge-winners-view-by-juha-kivekas.pdf

22、Angler EK最新CVE-2015-8446 Flash Exploit分析

http://blogs.360.cn/360safe/2015/12/19/angler-ek%E6%9C%80%E6%96%B0cve-2015-8446-flash-exploit%E5%88%86%E6%9E%90/

23、一个简单的ELASTICSEARCH蜜罐

http://securityblog.gr/3052/a-simple-elasticsearch-honeypot/

24、在FreeBSD's bhyve下运行windows

http://pr1ntf.xyz/windowsunderbhyve.html