1月6日-每日安全知识热点

1.DOM XSS 101 Walk-Through

http://neonprimetime.blogspot.com/2016/01/dom-xss-101-walk-through.html

2.DDOS.TF:新的ELF&WIN32 DDOS服务利用ASP + PHP/MYSQL MOF WEBSHELL

http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html

3.微软office 通过浏览器进行dll hijacking(ms15-132)

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/january/remote-exploitation-of-microsoft-office-dll-hijacking-ms15-132-via-browsers/

4.移动设备的中间人攻击

https://www.astechconsulting.com/blog/2016/maninthemiddle-for-mobile/

5.创建一个可防御的树莓派

http://www.tripwire.com/state-of-security/security-data-protection/sweet-security-part-2-creating-a-defensible-raspberry-pi/

6.在ios应用中绕过openssl Certificate Pinning

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2015/january/bypassing-openssl-certificate-pinning-in-ios-apps/

7.SANS Holiday Hack Write-up

https://www.praetorian.com/blog/engineer-spotlight-cory-duplantis-and-the-2015-sans-holiday-hack-write-up

8.blockchain单一的危险性

https://tonyarcieri.com/on-the-dangers-of-a-blockchain-monoculture

9.node.js远程内存泄露漏洞

https://nodesecurity.io/advisories/67

10.Ubuntu 14.04 LTS, 15.10 overlayfs本地提权

https://www.exploit-db.com/exploits/39166/

11.MyROP:Rop tool for arm

https://github.com/hitmoon/MyRop

12.新的TeslaCrypt欺诈软件通过垃圾邮件分发

https://blogs.mcafee.com/mcafee-labs/new-teslacrypt-ransomware-arrives-via-spam/

13.panda插件文档

https://github.com/moyix/panda/blob/master/docs/Plugins.md

14.zeroAccess使用DLL loading技术

http://www.neutralizethreat.com/2016/01/dll-loading-technique-used-in-zeroaccess.html

15.HTML5 Security Cheat Sheet

http://www.net-security.org/secworld.php?id=19279