腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] I just published “Postmortem of the Firefox (and Tor) Certificate Pinning Vulnerability Rabbit Hole” https://medium.com/p/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4
" 对 Firefox 刚刚修复的证书验证中间人劫持漏洞的分析: https://t.co/JPJWyUGFvU"
-
[ Browser ] Abusing WebVTT and CORS for fun and profit http://blog.k3170makan.com/2016/09/abusing-webvtt-and-cors-for-fun-and.html
" Abusing WebVTT and CORS for fun and profit: https://t.co/ScMpwTjTXm"
-
[ Hardware ] Copy2GO: Low cost copy lab for simple remote controls using TI-Chronos platform [PDF] http://courses.cs.tau.ac.il/embedded/projects/fall2013/watch-garage-door-opener.pdf #SDR https://t.co/AlxWmn9O3c
"Copy2GO - 基于 TI-Chronos 硬件平台的低成本远程控制: https://t.co/E7CX3S580Q "
-
[ Malware ] New post: Untangling the Ripper ATM Malware http://bit.ly/2cxpUWZ @ TrendMicro
" 关于 ATM 恶意软件-Ripper 的分析: https://t.co/EvOd5NRT3D "
-
[ Malware ] Detecting analysts before installing the malware. CVE-2016-3351 Patch bypass and analysis. https://www.brokenbrowser.com/detecting-apps-mimetype-malware/ https://t.co/Br7AdIWBF0
" 恶意软件作者常常在安装恶意软件之前检测分析人员的存在,CVE-2016-3351 补丁的绕过与分析: https://t.co/dVUzgCJhgT "
-
[ Obfuscation ] Anti-analysis techniques to weaken author classification accuracy in compiled executables https://kth.diva-portal.org/smash/get/diva2:927549/FULLTEXT01.pdf
" 分析对抗技术可以被用于削弱作者分类的精确性,Paper: https://t.co/oZFs3mNg1i"
-
[ Others ] In blog post, @ mozilla lists its 5-point wish list for government vulnerability disclosure https://blog.mozilla.org/netpolicy/2016/09/19/improving-government-disclosure-of-security-vulnerabilities/ https://t.co/sfhu7QdsWA
" Mozilla 在其博客上对政府漏洞披露情况列出了 5 点心愿: https://t.co/5USBAg7rLQ https://t.co/sfhu7QdsWA "
-
[ Pentest ] PowerUpSQL - A PowerShell Toolkit for Attacking SQL Server http://www.kitploit.com/2016/09/powerupsql-powershell-toolkit-for.html
"PowerUpSQL - 用于攻击 SQL Server 渗透工具套件: https://t.co/obyRr7iNwW "
-
[ Tools ] @ decalage2 @ DidierStevens Made a VBA p-code disassembler: https://github.com/bontchev/pcodedmp Added you two as collaborators. See the Todo section.
"pcodedmp.py - A VBA p-code disassembler︰ https://t.co/u3TdpGxJnV "
-
[ Tools ] etrace : Command-line tool for ETW tracing on files and real-time events : https://github.com/goldshtn/etrace cc @ goldshtn https://t.co/DsYYtNeoPv
"etrace - Windows ETW 事件实时处理命令行工具︰ https://t.co/kW2I7RG9dO "
-
[ Tools ] New side project. Win3mu - a Windows 3 emulator. What?? https://medium.com/@ CantabileApp/win3mu-part-1-why-im-writing-a-16-bit-windows-emulator-2eae946c935d#.mn5o9ngtg
" Win3mu - 一个 16 位 Windows 的模拟器: https://t.co/j9IqhxPbRk"
-
[ Web Security ] Combination of techniques lead to #DOM Based #XSS in #Google. http://sasi2103.blogspot.co.il/2016/09/combination-of-techniques-lead-to-dom.html #VRP #XSS #Google //cc:@ sirdarckcat
"几种技术组合在一起形成的 DOM XSS(Google): https://t.co/tqt3nbRNJX "
-
[ Windows ] My free eBook on tuning Windows for stable real-time audio work is now available! http://www.cantabilesoftware.com/glitchfree https://t.co/FHGQz0HFFl
" 关于 Windows 实时音频处理相关的一本电子书: https://t.co/ElfOgC84gu "
-
[ Windows ] COM Hijacking, or DLL Hijacking come back http://www.nobunkum.ru/analytics/en-com-hijacking
"Windows COM 劫持与 DLL 劫持: https://t.co/MOdfAsDMNA"
-
[ Windows ] Microsoft PerfView is now Open Source - github: https://github.com/Microsoft/perfview - news https://blogs.msdn.microsoft.com/vancem/2016/09/18/perfview-is-now-open-source-on-github/
"微软开源了性能分析工具 PerfView: https://github.com/Microsoft/perfview 官方的说明: https://t.co/dcKfDudvQx"
-
[ WirelessSecurity ] Bluetooth Penetration Testing Framework http://bluetooth-pentest.narod.ru/ #bluetooth #Pentest
"蓝牙渗透测试框架: https://t.co/qWhwasqDXV "
-
Xuanwu Spider via FreeBuf[ Windows ] 动手打造 Bypass UAC 自动化测试小工具,可绕过最新版 Win10: http://www.freebuf.com/sectool/114592.html