12月24日-每日安全知识热点

1.EvilAbigail:针对Linux全磁盘加密的Evil Maid(邪恶女佣)攻击

http://blog.gdssecurity.com/labs/2015/12/23/introducing-evilabigail.html

2.Aethra Botnet:针对意大利的12000路由和IOT设备然后暴力破解WORDPRESS账号

http://voidsec.com/en/aethra-botnet-en/

3.通过srt caption 任意上传HTML到fackbook videos

http://philippeharewood.com/ability-to-upload-html-via-srt-caption-files-for-facebook-videos/

4.Heap Tracking

http://www.codereversing.com/blog/archives/286

5.Binwalk v2.1.1 发型

https://github.com/devttys0/binwalk/releases/tag/v2.1.1

6.FAUST CTF 2015: sell-your-soul

https://github.com/ctfs/write-ups-2015/tree/master/faust-ad-ctf-2015/sell-your-soul

7.DVNA:Node.js应用漏洞练习程序

https://github.com/quantumfoam/DVNA/

8.quickFuzz:语法fuzzer

http://quickfuzz.org/

9.Z/OS上的一些调试器/反编译器

http://www.bigendiansmalls.com/a-mostly-useful-debugger-on-zos/

10.ProxyBack 恶意软件在用户不知情的情况下将系统列为代理服务

http://researchcenter.paloaltonetworks.com/2015/12/proxyback-malware-turns-user-systems-into-proxies-without-consent/

11.IOT安全:hack我的医院

https://www.checkmarx.com/2015/12/16/internet-of-things-iot-hack-my-hospital/

12.f-secureOnlineScanner.exe允许任意(远程)代码执行和提权

http://seclists.org/fulldisclosure/2015/Dec/114

13.介绍给操作系统打后门

http://www.introtobackdoors.com/defcon22intotobackdoors.pdf

14.使用python shell绕过AV

http://www.dc423.org/static/files/bypassing_av_with_python_shells.pdf