1月13日-每日安全知识热点

1.Adobe Flash Player ID3 (CVE-2015-5560) 标识解析整形溢出漏洞分析
https://blog.coresecurity.com/2016/01/12/analysis-of-adobe-flash-player-id3-tag-parsing-integer-overflow-vulnerability-cve-2015-5560/

2.绕过mcafee白名单应用认证

http://blog.sec-consult.com/2016/01/mcafee-application-control-dinosaurs.html

3.Raising the Dead:从死的windows进程到EoP

http://googleprojectzero.blogspot.com/2016/01/raising-dead.html

4.OWASP AppSensor 项目:检测应用程序的脆弱点

https://www.owasp.org/index.php/AppSensor_DetectionPoints

5.Angler Exploit Kit继续绕过检测: 超过90,000站点被入侵

http://researchcenter.paloaltonetworks.com/2016/01/angler-exploit-kit-continues-to-evade-detection-over-90000-websites-compromised/

6.使用winexe,wmi,volatility和Metabrik进行恶意软件分析

http://www.metabrik.org/blog/2016/01/09/malware-analysis-with-vm-instrumentation-wmi-winexe-volatility-and-metabrik/

7.多个漏洞影响Samsung SRN摄像头

http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html

8.开源情报技术:自动发现社交媒体图片中的包含有武器的图片第一部分

http://www.automatingosint.com/blog/2016/01/osint-automatically-finding-weapons-in-social-media-images-part-1/

9.NCC 2016 欧洲会议概述

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/january/ncc-con-europe-2016/

10.从Scratch中构建安全的应用安全程序:第一部分

https://blog.netspi.com/building-an-application-security-program-from-scratch-part-1/

11.xss漏洞导致键盘记录,摄像头劫持等等

http://neonprimetime.blogspot.ch/2016/01/xss-flaws-lead-to-keyloggingwebcams-more.html

12.apktool:一个android逆向工具

https://ibotpeaches.github.io/Apktool/