资讯类
黑客突袭思科ASA漏洞(CVE-2018-0101)
https://www.bleepingcomputer.com/news/security/hackers-pounce-on-cisco-asa-flaw-cve-2018-0101/
英特尔发布Skylake处理器新的Spectre补丁
https://thehackernews.com/2018/02/intel-processor-update.html
Google漏洞奖励计划:2017年回顾
https://security.googleblog.com/2018/02/vulnerability-reward-program-2017-year.html
Swisscom 数据泄露:800,000名客户受到影响
http://www.zdnet.com/article/swisscom-data-breach-800000-customers-affected/
谷歌浏览器从2018年7月开始标记所有HTTP站点“不安全”
http://www.zdnet.com/article/in-security-push-chrome-to-mark-all-http-pages-as-non-secure/
苹果的iPhone的iBoot源代码泄漏在Github上
https://thehackernews.com/2018/02/iboot-ios-source-code.html
技术类
Google Project Zero 成员教你如何入门搞安全
谁家娃娃玩硬盘
Nessus插件的武器化
https://depthsecurity.com/blog/weaponization-of-nessus-plugins
如何黑掉Sonoff Wifi切换器 – 第3部分Alexa智能家居
http://blog.kilomon.com/2018/02/hacking-sonoff-wifi-switch-part-3-alexa.html
新的Mac cryptominer有23个旧的变种
新的Deepfakes论坛将采用Coinhive进行挖掘
https://blog.malwarebytes.com/cybercrime/2018/02/new-deepfakes-forum-goes-mining-with-coinhive/
UACME源码浅析
https://www.secpulse.com/archives/68255.html
使用Windows Installermsiexec.exe进行攻击
可执行和可链接的格式101.第2部分:符号
http://www.intezer.com/executable-linkable-format-101-part-2-symbols
InfoZip UnZip受多个缓冲区溢出安全漏洞
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip
Hacking 101 to mobile data
https://insinuator.net/2018/02/hacking-101-to-mobile-data
Introducing Red Baron
一个基于熵的链接漏洞分析工具
https://jlospinoso.github.io/python/unfurl/abrade/hacking/2018/02/08/unfurl-url-analysis.html
Bounty Monitor
https://github.com/nashcontrol/bounty-monitor
3snake – 转储sshd和sudo凭据相关的字符串
https://github.com/blendin/3snake
评论