1月15日每日安全知识热点

1.攻击HTTP/2实现

https://yahoo-security.tumblr.com/post/134549767190/attacking-http2-implementations

2.RPISEC的恶意软件分析学习教程

https://github.com/RPISEC/Malware

3.CVE-2015-5677 – FreeBSD bsnmpd信息泄露

https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html

4.Roaming通过OpenSSH客户端: CVE-2016-0777 and CVE-2016-0778,其中CVE-2016-0777可通过 构造ssh恶意服务器,有可能泄漏客户端的内存私钥

https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt

5.分析恶意文件的cheatsheet

https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf

6.通过一些字节从SMM到用户空间层

https://scumjr.github.io/2016/01/10/from-smm-to-userland-in-a-few-bytes/

7.短URL连接和恶意欺诈软件

https://blog.malwarebytes.org/security-threat/2016/01/when-url-shorteners-and-ransomware-collide/

8.密码hash比较

https://www.cs.auckland.ac.nz/~pgut001/pubs/phc.pdf

9.安全工具聚焦:使用rem-vbswork到移除自动运行的蠕虫

http://www.bleepingcomputer.com/review/security/security-tool-spotlight-use-rem-vbsworm-to-remove-autorun-worms/

10.cisco部分无线接入点产品包含硬编码的密码

http://securityaffairs.co/wordpress/43597/security/cisco-wireless-points-hardcoded-pwd.html

11.丝绸之路和暗网梦已死

http://www.wired.com/2016/01/the-silk-roads-dark-web-dream-is-dead/