2月5日-每日安全知识热点

1.如果安装了Avastium(一个avast派生出来的chromium发行版)，将会允许远程文件访问

https://code.google.com/p/google-security-research/issues/detail?id=679

2.使用Gladius，做responder的自动密码破解

https://www.praetorian.com/blog/gladius-automatic-responder-cracking

3.一个支持本地shell所有功能(比如tab补全)的socat反向全功能shell

https://github.com/cornerpirate/socat-shell

4.Racing MIDI messages in Chrome

http://googleprojectzero.blogspot.com/2016/02/racing-midi-messages-in-chrome.html

5.Shmoocon 2016安全会议视频

https://archive.org/details/shmoocon-2016

6.蜂鸟：持久手机链攻击

http://blog.checkpoint.com/2016/02/04/hummingbad-a-persistent-mobile-chain-attack/

7.T9000: 先进的模块化后门使用复杂的反分析技术

http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/

8.CVE-2015-2545： EMET 逃逸

http://casual-scrutiny.blogspot.in/2016/02/cve-2015-2545-itw-emet-evasion.html

9.TDL:Turla驱动载入, 绕过Windows x64驱动签名 

https://github.com/hfiref0x/TDL

10.介绍视频反向工程

https://fosdem.org/2016/schedule/event/video_reverse_eng/attachments/slides/1129/export/events/attachments/video_reverse_eng/slides/1129/17_vittorio.pdf

11.Apple iOS v9.1, 9.2 & 9.2.1 – Application Update Loop Pass Code Bypass

http://seclists.org/fulldisclosure/2016/Feb/32

12.MalwareBytes: 多个安全问题 （硬编码rc4密钥）

https://code.google.com/p/google-security-research/issues/detail?id=714

13.apple软件更新 2.1.3 （windows)远程代码执行

http://seclists.org/fulldisclosure/2016/Feb/28

14.hydracrypt恶意欺诈软件（一款新的几乎不被检测的恶意欺诈软件）

https://reaqta.com/2016/02/hydracrypt-ransomware