作者:宁波慈城老朋友客栈 | 来源:互联网 | 2023-07-30 09:27
资讯类tomcat发布两个高危漏洞预警 http://tomcat.apache.org/security.html 全球网络犯罪造成的损失高达6000亿美元http://securityaffai
资讯类
tomcat发布两个高危漏洞预警
http://tomcat.apache.org/security.html
全球网络犯罪造成的损失高达6000亿美元
http://securityaffairs.co/wordpress/69401/cyber-crime/cybercrime-cost-2017.html
npm更新导致Linux系统崩溃,迫使用户重新安装
https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linux-systems-forces-users-to-reinstall/
英特尔发布Spectre补丁更新
https://www.bleepingcomputer.com/news/hardware/here-we-go-again-intel-releases-updated-spectre-patches/
代码签名证书买卖黑市的真实情况
https://www.bleepingcomputer.com/news/security/the-market-of-stolen-code-signing-certificates-is-too-expensive-for-most-hackers/
http://www.zdnet.com/article/hackers-are-selling-legitimate-code-signing-certificates-to-evade-malware-detection/
技术类
FINSPY VM UNPACKING教程第3部分:设备的虚拟化
http://www.msreverseengineering.com/blog/2018/2/21/finspy-vm-unpacking-tutorial-part-3-devirtualization
CVE-2018-6947漏洞利用教程
https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/
DEVSPIRTUALIZATION FINSPY,PHASE#1:反混淆FINSPY VM字节码程序
http://www.msreverseengineering.com/blog/2018/2/21/wsbjxrs1jjw7qi4trk9t3qy6hr7dye
伪造的ASIC(澳大利亚证券和投资委员会)利用钓鱼邮件传播恶意软件
https://www.trustwave.com/Resources/SpiderLabs-Blog/Fake-ASIC-Renewal-Spam-Delivers-Malware-to-Australian-Companies/
Nix技巧:SSH复用
https://0x00sec.org/t/stupid-nix-tricks-ssh-multiplexing/5583
荷兰DDoS攻击始末
https://securingtomorrow.mcafee.com/mcafee-labs/ddos-attacks-netherlands-reveal-teen-gamers-troublesome-path/
伪造代码签名证书的兴起
https://www.recordedfuture.com/code-signing-certificates/
保护物联网网络
https://blog.trendmicro.com/securing-iot-networks/
数说IoT僵尸网络
http://www.aqniu.com/learn/31650.html
Drive-by download campaign targets Chinese websites
https://blog.malwarebytes.com/threat-analysis/2018/02/chinese-criminal-experiments-with-exploits-in-drive-by-download-campaign/
SinVR漏洞利用分析
https://www.digitalinterruption.com/single-post/2018/02/22/Hacking-SinVR-for-fun-and-profit-and-free-adult-content
利用TAP适配器窃取哈希值
https://orangewirelabs.wordpress.com/2018/02/21/stealing-hashes-with-tap/
Wavpack 5.1.0 Denial of Service
https://cxsecurity.com/issue/WLB-2018020236
Web浏览安全性概述
https://sec.eff.org/articles/web-browsing-security
Wafid: WAF指纹识别工具
https://github.com/CSecGroup/wafid