2月15日-每日安全知识热点

1.IOT智能设备的一些默认配置的隐患

http://krebsonsecurity.com/2016/02/iot-reality-smart-devices-dumb-defaults/

2.使用Volatility提权FILEVAULT 2的密钥

https://tribalchicken.com.au/security/extracting-filevault-2-keys-with-volatility/

3.fuddly:fuzzing和数据处理框架

https://github.com/k0retux/fuddly

4.通过metasploit远程命令行下使用psr记录用户桌面操作

https://cyberarms.wordpress.com/2016/02/13/using-problem-steps-recorder-psr-remotely-with-metasploit/

5.防护mimikatz攻击

https://jimshaver.net/2016/02/14/defending-against-mimikatz/

6.Lobotomy的surgicalAPI功能介绍

http://www.lifeform-labs.com/blog/2016/2/14/lobotomy-leveraging-the-surgicalapi

7.针对 HydraCrypt 和UmbreCrypt 的恶意欺诈勒索软件的解密工具

http://blog.emsisoft.com/2016/02/12/decrypter-for-hydracrypt-and-umbrecrypt-available/

8.通过 Angler Exploit Kit分发的HydraCrypt恶意欺诈勒索软件的变种

https://blogs.mcafee.com/mcafee-labs/hydracrypt-variant-of-ransomware-distributed-by-angler-exploit-kit/

9.PadCrypt:第一款支持在线livechat解密的恶意欺诈勒索软件

http://www.bleepingcomputer.com/news/security/padcrypt-the-first-ransomware-with-live-support-chat-and-an-uninstaller/

10.情人节给下载攻击提供了完美机会

http://www.symantec.com/connect/ko/blogs/valentines-day-app-downloads-provide-perfect-opportunity-attacks

11.使用wireshark捕捉usb通信数据

http://xathrya.id/2016/02/06/capturing-usb-data-with-wireshark/

12.关注$.get和$.ajax函数

https://respectxss.blogspot.de/2016/02/keep-eye-on-get-and-ajax-functions.html

13.Solr 3.5.0 任意数据删除漏洞POC

https://www.exploit-db.com/exploits/39418/

14.PYTHON实现的一个随机密码生成的程序

https://www.alienvault.com/blogs/security-essentials/yet-another-random-password-generator-yarpg-a-python-tool