2月5日-每日安全知识热点
1.如果安装了Avastium(一个avast派生出来的chromium发行版),将会允许远程文件访问
https://code.google.com/p/google-security-research/issues/detail?id=679
2.使用Gladius,做responder的自动密码破解
https://www.praetorian.com/blog/gladius-automatic-responder-cracking
3.一个支持本地shell所有功能(比如tab补全)的socat反向全功能shell
https://github.com/cornerpirate/socat-shell
4.Racing MIDI messages in Chrome
http://googleprojectzero.blogspot.com/2016/02/racing-midi-messages-in-chrome.html
5.Shmoocon 2016安全会议视频
https://archive.org/details/shmoocon-2016
6.蜂鸟:持久手机链攻击
http://blog.checkpoint.com/2016/02/04/hummingbad-a-persistent-mobile-chain-attack/
7.T9000: 先进的模块化后门使用复杂的反分析技术
8.CVE-2015-2545: EMET 逃逸
http://casual-scrutiny.blogspot.in/2016/02/cve-2015-2545-itw-emet-evasion.html
9.TDL:Turla驱动载入, 绕过Windows x64驱动签名
https://github.com/hfiref0x/TDL
10.介绍视频反向工程
11.Apple iOS v9.1, 9.2 & 9.2.1 – Application Update Loop Pass Code Bypass
http://seclists.org/fulldisclosure/2016/Feb/32
12.MalwareBytes: 多个安全问题 (硬编码rc4密钥)
https://code.google.com/p/google-security-research/issues/detail?id=714
13.apple软件更新 2.1.3 (windows)远程代码执行
http://seclists.org/fulldisclosure/2016/Feb/28
14.hydracrypt恶意欺诈软件(一款新的几乎不被检测的恶意欺诈软件)