1月19日-每日安全知识热点

1.使用BetterCap 配合 “AddjavascriptInterface"漏洞自动pwn内网android设备

http://www.evilsocket.net/2016/01/18/autopwn-every-android-device-on-your-network-using-bettercap-the-and-addjavascriptinterface-vulnerability/

2.使用noriben几秒内创建恶意软件沙盒

http://www.ghettoforensics.com/2016/01/creating-malware-sandbox-in-seconds.html

3.分析sys_dynlib_prepare_dlcolose PS$内核堆溢出

http://cturt.github.io/dlclose-overflow.html

4.GUEB :二进制UAF静态分析器

https://github.com/montyly/gueb

5.免费的逆向工具列表

https://wiremask.eu/articles/free-reverse-engineering-tools/

6.一些有用的volatility插件

https://isc.sans.edu/forums/diary/Some+useful+volatility+plugins/20623

7.Purple Teaming:从RuxCon安全会议的slides学到的

http://carnal0wnage.attackresearch.com/2016/01/purple-teaming-lessons-learned-ruxcon.html

8.ChameleonMini:NFC安全分析工具:模拟/克隆/读取/嗅探RF数据

https://github.com/skuep/ChameleonMini

9.data URI用于钓鱼攻击

https://itsjack.cc/blog/2016/01/utilising-the-data-functionality-for-phishing-attempts/

10MacDBG:OSX上的C & Python debugging框架

https://github.com/blankwall/MacDBG/blob/master/talks_slides.pdf

11.从crash到exploit:CVE-2015-6086分析

http://www.payatu.com/from-crash-to-exploit/

12.ENISA发布漏洞披露最佳实践

https://www.enisa.europa.eu/media/press-releases/new-good-practice-guide-by-enisa-on-disclosing-vulnerabilities?

13.牢不可破的量子密钥分配研究paper

http://arxiv.org/pdf/1601.00993v1.pdf