3月11日-每日安全知识热点

1.7.2p2以前版本的openssh并且开启了X11Forwarding的，可以通过xauth注入命令，实现读认证用户的文件以及信息泄露

http://www.openssh.com/txt/x11fwd.adv

2.CarolinaCon 12安全会议视频 

https://www.youtube.com/playlist?list=PLdh5UOMgeDvnwQaeXRc_iA_9GwHaD4gxX

3.CVE-2016-1562：DTE能源app非认证的“filter” 参数导致客户信息泄露 

http://jeffq.com/blog/dteenergy-insight/

4.Tiny 开源机器人介绍 

http://hackaday.com/2016/03/07/tiny-open-source-robot/

5.hostname主机名注入，有可能导致XSS 

https://community.rapid7.com/community/infosec/blog/2016/03/09/it-s-all-in-the-name

6.CODEMAP:"run-trace 可视化"二进制分析工具，以ida插件形式提供 

https://github.com/c0demap/codemap

7.Cobalt Strike 3.2 发行，支持x64 beacon 

http://blog.cobaltstrike.com/2016/03/10/cobalt-strike-3-2-the-inevitable-x64-beacon/

8.WireEdit：网络包修改工具介绍 

http://holisticinfosec.blogspot.com/2016/03/toolsmith-114-wireedit-and-packet.html

9.一个适应各种上下文的xss payload 

https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot

10.使用go实现websockets并发 

http://goroutines.com/10m

11.10个简单的方式缓解基于DNS的DDoS攻击 

http://blog.fortinet.com/post/10-simple-ways-to-mitigate-dns-based-ddos-attacks

12.Automobile Driver Fingerprinting 

http://www.autosec.org/pubs/fingerprint.pdf

13.解码恶意勒索软件第一部分 

http://www.scmagazine.com/decoding-ransomware-part-1/article/482188/

14.钓鱼者新建youtube频道实行钓鱼攻击 

http://www.symantec.com/connect/blogs/phishers-are-creating-youtube-channels-document-their-attacks

15.基于hypervisor的恶意软件分析 

http://www.slideshare.net/tklengyel/stealthy-hypervisorbased-malware-analysis

16.微软拥抱开源世界：发布定制版的debian 

http://www.theregister.co.uk/2016/03/09/microsoft_sonic_debian/

17.Android N预览：开发者api和工具 

http://android-developers.blogspot.tw/2016/03/first-preview-of-android-n-developer.html

18.取证挑战的mindmap 

http://www.amanhardikar.com/mindmaps/ForensicChallenges.html

19.jo:通过shell命令新建json 

http://jpmens.net/2016/03/05/a-shell-command-to-create-json-jo/

20.探索iOS上的物理地址空间 

http://embeddedideation.com/2016/03/10/exploring-the-physical-address-space-on-ios/

21.linux netfilter IPT_SO_SET_REPLACE 内存损坏漏洞 

https://code.google.com/p/google-security-research/issues/detail?id=758

22.详细分析从宏到支持ssl的payload 

http://community.hpe.com/t5/Security-Research/From-Macro-to-SSL-with-Shellcode-A-Detailed-Deconstruction/ba-p/6839623#.VuIiTHUrKtF

23.hexacorn开放DeXRAY.pl下载，该脚本可以揭秘基于x-ray算法或单字节XOR的PE文件 

http://www.hexacorn.com/blog/2016/03/11/dexray/

24.NSS在处理asn.1解码时可导致缓冲区溢出 

https://www.mozilla.org/en-US/security/advisories/mfsa2016-35

本文由 360安全播报 原创发布，如需转载请注明来源及本文地址。
本文地址：http://bobao.360.cn/news/detail/2825.html