腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] 黑客在新的攻击中将目标瞄准 SSH 私钥文件: https://threatpost.com/hackers-take-aim-at-ssh-keys-in-new-attacks/128537/
-
[ Industry News ] IOTroop 僵尸网络正在快速传播,其影响程度很可能超过 Mirai: https://threatpost.com/iotroop-botnet-could-dwarf-mirai-in-size-and-devastation-says-researcher/128560/
-
[ Malware ] #软件供应链攻击# 上周五,macOS 媒体播放器 Elmedia Player 官网发了一个内嵌木马 OSX/Proton 的版本: https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/
-
[ MalwareAnalysis ] 对恶意软件 Tofsee 的深入分析: https://www.cert.pl/en/news/single/a-deeper-look-at-tofsee-modules/
-
[ MalwareAnalysis ] Paloalto 研究员对 KASPERAGENT 和 MICROPSIA 兩款针对中东地区的恶意软件分析报告: https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/
-
[ Others ] 到底是 Bug 还是特性:Endgame 对 Office DDEAUTO(命令执行)的分析: https://www.endgame.com/blog/technical-blog/bug-feature-debate-back-yet-again-ddeauto-root-cause-analysis
-
[ Others ] 现代 JavaScript 与软件包管理器: https://medium.com/@peterxjang/modern-javascript-explained-for-dinosaurs-f695e9747b70
-
[ Tools ] Samsung TEEgris - 由三星提供的系统级安全解决方案,为 APP 提供基于 TrustZone 的 TEE 执行环境: http://developer.samsung.com/teegris
-
[ Tools ] evalyzer - 利用 WinDBG 来调试 JavaScript 的脚本: https://github.com/szimeus/evalyzer
-
[ Tools ] Web 前端工程师资料整理: https://github.com/thedaviddias/Resources-Front-End-Beginner
-
[ Virtualization ] VMware Escapology - ZDI 研究员对 VMware 架构的简单剖析以及对 HGFS 和 Pwn2Own 2017 DnD 拖放逃逸漏洞的分析。来自 DerbyCon 2017 会议: https://github.com/thezdi/derbycon2017/blob/master/VMware-Escapology.pdf
-
[ Vulnerability ] 索尼 PS4 namedobj 类型混淆漏洞的 Exploit:《The First PS4 Kernel Exploit: Adieu》,来自 fail0verflow: https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/