2017/1/6 資安晨摘

安全框架：

1.IoT Trust Framework v2.0 by OTA

2.《物聯網安全白皮書》ppt培訓課件 by NSFOCUS

3.物聯網安全白皮書 by 綠盟科技創新中心

4.Sandbox Best Practices Cheat Sheet by Thomas Roccia


PT姿勢：

1.通過Burp Collaborator插件利用SQL盲注 by dnet；翻譯：MottoIN


Honeypot：

1.High Interaction Honeypots with Sysdig and Falco by Dennis Panagiotopoulos


惡意軟體分析：

1.Technical analysis of CryptoMix/CryptFile2 ransomware by Jarosław Jedynak


漏洞分析：

1.Oracle的酒店管理平台RCE漏洞以及持卡人數據洩漏（CVE-2016-5663/4/5） by Jackson_T；翻譯：鳶尾

2.Android: Kernel memory corruption via unchecked pointer in tzic_ioctl by laginimaineb

3.Stack buffer overflow in OTP TrustZone trustlet by laginimaineb

4.unrtf: CVE-2016-10091: stack-based buffer overflows in cmd_* functions by Skylake


POC：

1.Firejail local root exploit by Sebastian Krahmer

2.vmware_vdp_known_privkey.rb by phroxvs


基礎概念教學：

1.我的通行你的證 by 呆子不開口

2.淺析ReDoS的原理與實踐 by MyKings

3.汽車ECU 升級初探 by vasthao

4.A Survey of Symbolic Execution Techniques by Roberto Baldoni1、Emilio Coppa、Daniele Cono D’Elia、Camil Demetrescu、Irene Finocchi

5.TLS Fingerprinting - a method for identifying a TLS client without decrypting by Kevin Stewart


學習資源：

1.FuzzySecurity Tutorials by Ruben Boonen


工具：

1.SQLChop - 一個新型SQL 注入檢測引擎 by 長亭科技

2.安卓無線滲透利器：Hijacker by CyberPunk；翻譯：secist

4.backdoorme - powerful auto-backdooring utility by Kkevsterrr

5.eyephish - OpenCV based IDN option generator PoC by phar

6.cintruder - automatic pentesting tool to bypass captchas by epsylon

7.afl-tools - American Fuzzy Lop with clang, qemu, triforce, and afl-dyninst support by moflow

8.Steghide - Brute Force Attack to Find Hide Information and Password in a file by Va5c0