Tencent Xuanwu Lab Security Daily News
-
[ Android ] LOKIBOT - the first hybrid Android malware: https://clientsidedetection.com/lokibot___the_first_hybrid_android_malware.html
-
[ Industry News ] The latest Sofacy campaign targets security researchers: https://threatpost.com/latest-sofacy-campaign-targeting-security-researchers/128576/
-
[ Others ] Twenty years of hacking MMORPGs, a talk from DEF CON 25 (video): https://www.youtube.com/watch?v=PfbMZJsb1cQ
-
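[ Popular Software ] Since the Microsoft Office DDEAUTO attack technique appeared, most antivirus engines have detected it with YARA rules. A SensePost researcher published another blog post yesterday showing that obfuscating Word samples can bypass this YARA-based detection: https://staaldraad.github.io/pentest/phishing/dde/2017/10/23/msword-field-codes/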
-
[ SecurityProduct ] Cisco ASA series, part five: libptmalloc gdb plugin: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/october/cisco-asa-blog-series-part-five-libptmalloc-gdb-plugin/
-
[ Symbolic Execution ] Using directed symbolic execution in S2E to handle file parsers and address the path explosion problem: https://adrianherrera.github.io/post/kaitai-s2e/
-
[ Tools ] MWR Labs open-sourced their macOS Kernel Fuzzer yesterday: https://github.com/mwrlabs/OSXFuzz
-
[ Tools ] SharpHound - the BloodHound Ingestor rewritten in C#. BloodHound uses graph theory to show the relationships between nodes in an Active Directory environment: https://github.com/BloodHoundAD/BloodHound https://github.com/BloodHoundAD/SharpHound https://posts.specterops.io/sharphound-technical-details-3b6323b205b2
-
[ Windows ] Microsoft updated an article introducing Windows Defender Exploit Guard, "Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware": https://blogs.technet.microsoft.com/mmpc/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/
-
[ Industry News ] A researcher on Twitter says WannaLocker is still active in China, and has also posted what appears to be the developer's personal Tieba profile page: https://twitter.com/virqdroid/status/922369333300547584
-
[ iOS ] Sharing "A step-by-step guide to breaking through iOS 9.x userland protections", from Proteas's Weibo: https://www.weibo.com/1290630720/FrHTGxwjH?type=comment
-
[ SecurityProduct ] Disclosure of an arbitrary memory read vulnerability in the K7 Total Security device driver, with PoC: https://blogs.securiteam.com/index.php/archives/3435
-
[ Windows ] An introduction to Windows Defender Application Control: https://blogs.technet.microsoft.com/mmpc/2017/10/23/introducing-windows-defender-application-control/?ocid=cx-twitter-mmpc