Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Yandex Browser shares its experience with the SDL secure development process: https://yadi.sk/i/aOxmJ_xJ3PnrQW
-
[ Industry News ] Hackers exploited a redirect vulnerability on a McAfee site to pose as McAfee and send phishing emails: http://www.zdnet.com/article/mcafees-own-anti-hacking-service-exposed-users-to-banking-malware/
-
[ IoTDevice ] How can drones be hacked? A continuously updated list of drone vulnerabilities and attack tools: https://medium.com/@swalters/how-can-drones-be-hacked-the-updated-list-of-vulnerable-drones-attack-tools-dd2e006d6809
-
[ MachineLearning ] Machine learning, crime, and the future of automation: https://docs.google.com/presentation/d/16BWLRm4aNdxToJO-_63s1gLlw-hbSXlQE-jSzzsHkIw/edit#slide=id.p
-
[ Pentest ] Application whitelisting bypass: msbuild.exe: https://blog.conscioushacker.io/index.php/2017/11/17/application-whitelisting-bypass-msbuild-exe/
-
[ Pentest ] Application whitelisting bypass: regsvr32.exe: https://blog.conscioushacker.io/index.php/2017/11/17/application-whitelisting-bypass-regsvr32-exe/
-
[ Popular Software ] 0patch's analysis of the Office Equation vulnerability (CVE-2017-11882) disclosed last week, and the manual patch method it provides: https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
-
[ Popular Software ] 1N3, a researcher on the CrowdShield team, shared exploits for several commonly used server applications, including FreeFloat, CoolPlayer, and CesarFTP: https://twitter.com/i/web/status/930830262505684997 https://github.com/1N3/Exploits
-
[ Tools ] LAPSToolkit - a tool for exploiting domain environments where the LAPS solution is deployed: https://github.com/leoloobeek/LAPSToolkit
-
[ Web Security ] Bypassing the cross-domain policy (Crossdomain) and hitting more than 100 top Alexa sites: https://medium.com/@know.0nix/bypassing-crossdomain-policy-and-hit-hundreds-of-top-alexa-sites-af1944f6bbf5