7月08日-每日安全知识热点

技术类:

Experimenting with Post-Quantum Cryptography

https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html

SQL盲注时每次请求时提取多位

http://howto.hackallthethings.com/2016/07/extracting-multiple-bits-per-request.html

一个命令行工具用于检测共享的密码

https://github.com/philwantsfish/shard

https://www.researchgate.net/publication/304789264_20160630_Whisper_in_the_Wire-Voice_Command_Injection_Reloaded

使用国际化域名进行Homograph攻击

https://hethical.io/homograph-attack-using-internationalized-domain-name/

Trello bug bounty:当team改成可见时候,付款信息可以发送到webhook

https://hethical.io/trello-bug-bounty-payments-informations-are-sent-to-the-webhook-when-a-team-changes-its-visibility/

Inspector : 面向andorid通过API HOOKS实行动态分析的开源工具

https://github.com/ac-pm/Inspeckage

webshell分析第三部分:每次都是一样的故事

https://dfir.it/blog/2016/07/06/webshells-every-time-the-same-story-dot-dot-dot-part-3/

线上监听:Voice命令注入

https://www.researchgate.net/publication/304789264_20160630_Whisper_in_the_Wire-Voice_Command_Injection_Reloaded

通过恶意扩展劫持用户实行欺诈

https://blog.perimeterx.com/hijacking-users-affiliate-fraud/

shodan发布一个世界范围内使用tp-link摄像头的地图,每款摄像头的统计在https://gist.githubusercontent.com/achillean/162a885c73b6b7c17c34b1e81b111ea1/raw/061a8015016f579b606063c557513f7db06eec06/dlink-products.csv,相关新闻报道在http://www.securityweek.com/serious-vulnerability-affects-over-120-d-link-products

https://dlink-report.shodan.io/

使用SxS重定向获取system权限

http://www.kernelmode.info/forum/viewtopic.php?f=11&t=3643&p=28833#p28833

在一个文件中体现5种已知的白名单绕过技术

https://github.com/subTee/AllTheThings

自动恶意软件分析:通过vbs脚本逃逸沙盒

http://joe4security.blogspot.it/2016/07/rise-of-vbs-evading-sandboxes.html

filealyzer更新到2.0.5.57

https://www.safer-networking.org/products/filealyzer/

Deviare是一个专业的开源hooking 引擎可以劫持任意win32函数

https://github.com/nektra/deviare2

Shodan HQ nmap 扫描插件

https://github.com/glennzw/shodan-hq-nse

攻击KeyStore

http://eprint.iacr.org/2016/677.pdf

bitdefender发布的Pacifier APT 组织报告

http://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender-Whitepaper-PAC-A4-en_EN1.pdf

使用windbg分析恶意文档

https://thembits.blogspot.com/2016/06/loffice-analyzing-malicious-documents.html

Deciphering Malware’s use of TLS

http://arxiv.org/pdf/1607.01639v1.pdf

ADWIND RAT木马复出:针对丹麦公司

https://threatpost.com/adwind-rat-resurfaces-targeting-danish-companies/119060/

OpenCellular介绍:一个开源的无线访问平台

https://code.facebook.com/posts/1754757044806180/

资讯类:

新的adwind木马,杀毒软件零检测

http://news.softpedia.com/news/new-adwind-rat-campaign-with-zero-av-detection-targets-businesses-in-denmark-505974.shtml

杀软的战争:Sophos vs. Cylance

http://www.databreachtoday.com/blogs/anti-virus-wars-sophos-vs-cylance-p-2172

APT组织 ‘Patchwork’

https://threatpost.com/apt-group-patchwork-cuts-and-pastes-a-potent-attack/119081/?utm_source=dlvr.it&utm_medium=twitter

你的智能手表和手环如何跟踪你的手指操作,还原出你的ATM密码

http://www.tripwire.com/state-of-security/featured/smartwatch-fitness-tracker-atm-pin/

收购信息:

Avast以13亿美元现金收购AVG:Avast Software宣布以每股25美元溢价33%收购竞争对手AVG Technologies,收购报价合计约13亿美元。新闻稿称,两个公司的用户加起来超过4亿,其中移动用户1.6亿

http://thehackernews.com/2016/07/antivirus-avast-avg.html

数据泄露信息:

guccifer继续泄露DNC的文档

https://guccifer2.wordpress.com/2016/07/06/trumpocalypse/