腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Conference ] RECon 2017 会议的演讲视频公开了: https://recon.cx/2017/montreal/recordings/
-
[ Industry News ] CyberArk Labs 研究员称利用一种称为 Golden SAML 的技术可以伪造企业内部任意用户访问云上的资源: https://threatpost.com/saml-post-intrusion-attack-mirrors-golden-ticket/128993/ https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/
-
[ Linux ] Linux mincore 内核未初始化堆内存信息泄漏,来自 Project Zero: https://bugs.chromium.org/p/project-zero/issues/detail?id=1431
-
[ Linux ] Linux x64 系统中的 Egg Hunting(搜寻长的 Shellcode 并执行)技巧: https://pentesterslife.blog/2017/11/24/x64-egg-hunting-in-linux-systems/
-
[ MachineLearning ] wesome-ml-for-cybersecurity - 优秀的网络安全机器学习资源整合: https://github.com/Biprodeep/awesome-ml-for-cybersecurity
-
[ Tools ] TLS-Redirection - TLS 重定向攻击介绍文档: https://github.com/GrrrDog/TLS-Redirection
-
[ Tools ] ThreatHunting - 在 Windows 系统中寻找威胁的 PowerShell 脚本: https://github.com/DLACERT/ThreatHunting
-
[ Tools ] htcap - Web 应用扫描器,可扫描 SPA: https://github.com/segment-srl/htcap