腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Reverse Engineering Xiaomi’s Analytics app. https less remote code execution in all devices https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/ by @ thijs_br
" 小米预装 APP AnalyticsCore 的逆向分析: https://t.co/KP2T9eOxqg "
-
[ Browser ] Blocking out-of-date Flash ActiveX controls https://blogs.windows.com/msedgedev/2016/09/13/blocking-out-of-date-flash/
" 从 2016 年 10 月 16 号开始,微软将阻止过期的 Flash ActiveX 控件的加载执行: https://t.co/dDsS794fK2"
-
[ Browser ] Introducing the Firefox debugger.html (modern JavaScript debugger) : https://hacks.mozilla.org/2016/09/introducing-debugger-html/
" debugger.html - Firefox 浏览器的 JavaScript 调试器︰ https://t.co/UNuRu5MX0b"
-
[ Debug ] Tips for Productive Debugging with GDB https://metricpanda.com/tips-for-productive-debugging-with-gdb
" GDB 调试器使用的一些小建议: https://t.co/E1o1slkdUv "
-
[ iOS ] Pangu's writeup on CVE-2016-4655, an XNU stack infoleak in OSUnserializeBinary; orig: http://blog.pangu.io/cve-2016-4655/; eng: https://translate.google.com/translate?sl=zh-CN&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.pangu.io%2Fcve-2016-4655%2F&edit-text=
" 盘古团队对本月 iOS 10 修复的 OSUnserializeBinary 信息泄漏漏洞的分析(CVE-2016-4655): http://blog.pangu.io/cve-2016-4655/ "
-
[ iOS ] 《BadURLScheme in iOS》 http://paper.seebug.org/42/
" 知道创宇黑哥发表的一篇关于 iOS BadURLScheme 漏洞的分析,据文中介绍,这个漏洞主要是在 iOS 对于 URL Scheme 及其在 UIWebView 等控件的自动诊断识别等处理机制下导致跨应用 XSS 漏洞: https://t.co/B4S6baw8TF "
-
[ macOS ] New LLDB Debugging Guide https://developer.apple.com/library/content/documentation/General/Conceptual/lldb-guide/chapters/Introduction.html
" LLDB 调试指南: https://t.co/wbyzvq5J2J"
-
[ Malware ] My slides from today's presentation at #SCS2016 (English version): https://drive.google.com/open?id=0Bzb5kQFOXkiSWkVZUG1BU0lnbVE
" SCS 2016 会议一篇关于 Petya 勒索软件的演讲 PPT︰ https://t.co/A7PKZCgPaz"
-
[ Malware ] New post: BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs http://bit.ly/2cnnpq0 @ TrendMicro
" HDDCryptor - 利用商业工具加密网络共享和硬盘的勒索软件: https://t.co/nFV8IzweD8 "
-
[ Tools ] Building zer0m0n (@ cuckoosandbox kernel driver) using the non-existing 64-bit ReactOS Build Environment on Ubuntu https://cuckoo.sh/blog/zer0m0n-rosbe.html
" Cuckoo Sandbox 内核驱动模块 zer0m0n 与 ReactOS 构建环境: https://t.co/I1Fz6pQ6E1"
-
[ Tools ] #CodeXplorer binaries for IDASDK v6.95 on GitHub: https://github.com/REhints/HexRaysCodeXplorer/tree/master/bin/v2.0%20%5BBlackHat%20Edition%5D/IDA%206.95/Win Working on next version with refactored TypeREconstruction engine
"IDA v6.95 版本兼容的 HexRaysCodeXplorer 代码导航插件下载︰ https://t.co/6IXj7tVFdv "
-
[ Windows ] Kernel Pool Monitor gets revived by Pavel Yosifovich (http://blogs.microsoft.co.il/pavely/2016/09/14/kernel-pool-monitor-the-gui-version/) #Kernel #Windows
" Windows Kernel Pool Monitor 工具: https://t.co/ePncypS38s "