360-CERT每日安全简报
Daily Security Briefing
2020-03-30 星期一
漏洞 Vulnerability
CVE-2020-8816:Pi-hole远程代码执行漏洞
https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/
安全工具 Security Tools
受保护的进程的轻量级转储工具
https://github.com/realoriginal/ppdump-public
WebKiller V2:工具信息收集
https://github.com/ultrasecurity/webkiller
安全报告 Security Report
Coinbugs(白皮书):列举常见的区块链实现级漏洞
https://research.nccgroup.com/wp-content/uploads/2020/03/NCC-Group-Whitepaper-Coinbugs.pdf
安全事件 Security Incident
Chubb保险公司调查了自己遭受的的勒索病毒攻击
https://hotforsecurity.bitdefender.com/blog/cybersecurity-insurance-firm-chubb-investigates-its-own-ransomware-attack-22753.html
Digibank数据库泄漏
https://twitter.com/Bank_Security/status/1242750294955569154
FIN7攻击组织通过邮寄带有恶意软件的USB设备进行攻击
https://www.bleepingcomputer.com/news/security/fbi-hackers-sending-malicious-usb-drives-and-teddy-bears-via-usps/
安全资讯 Security Information
Dharma勒索软件的源代码在黑客论坛上出售
https://www.zdnet.com/article/source-code-of-dharma-ransomware-pops-up-for-sale-on-hacking-forums/
安全研究 Security Research
使用x64dbg分析dll
https://medium.com/@tom_rock/reverse-engineering-tip-analyzing-a-dll-in-x64dbg-b3005d516049
禁用ASLR
https://medium.com/@tom_rock/reverse-engineering-tips-disabling-aslr-212835eb5acc
渗透测试安卓应用安全知识框架体系
https://www.huangmg.xyz/2019/10/23/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E5%AE%89%E5%8D%93%E5%BA%94%E7%94%A8%E5%AE%89%E5%85%A8%E7%9F%A5%E8%AF%86%E6%A1%86%E6%9E%B6%E4%BD%93%E7%B3%BB/#%E4%BB%A3%E7%A0%81%E5%AE%89%E5%85%A8
移动安全入门
https://books.nowsecure.com/secure-mobile-development/zh/primer/mobile-security.html
逆向工程学习:汇编指令
https://revers.engineering/applied-re-accelerated-assembly-p1/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn