热点概要：54万辆汽车密码泄露、Coinhive已成为当前最火恶意程序、Retefe——通过永恒之蓝传播的银行木马、Linux木马利用IOT设备发送垃圾邮件、DenyAll WAF RCE漏洞、Optionsbleed实践、利用深度学习优化密码猜解PassGAN。

资讯类：

54万辆汽车密码泄露

http://thehackernews.com/2017/09/hacker-track-car.html

Coinhive已成为当前最火恶意程序

https://www.bleepingcomputer.com/news/security/coinhive-is-rapidly-becoming-a-favorite-tool-among-malware-devs/

Retefe——通过永恒之蓝传播的银行木马

http://securityaffairs.co/wordpress/63332/malware/retefe-banking-trojan-eternalblue.html

Linux木马利用IOT设备发送垃圾邮件

http://thehackernews.com/2017/09/linux-malware-iot-hacking.html

技术类：

DenyAll WAF RCE漏洞

https://www.exploit-db.com/exploits/42769/?rss&utm_source=dlvr.it&utm_medium=twitter

.NET反序列化Payload生成

https://github.com/pwntester/ysoserial.net

基于Python的TCP后门

https://github.com/TheBlaCkCoDeR09/Python_Reverse_TCP

使用Nikto进行基本测试

http://www.hackingtutorials.org/web-application-hacking/scanning-webservers-vulnerabilities-with-nikto/

Optionsbleed实践

https://www.securitysift.com/testing-optionsbleed/

利用深度学习优化密码猜解PassGAN

https://threatpost.com/deep-learning-passgan-tool-improves-password-guessing/128039/

嗅探Gotenna数据包并获取投票人数据库

https://www.hak5.org/episodes/season-22/hak5-2221-sniffing-gotenna-packets-and-voter-database-privacy-problems-at-def-con-25