Tencent Xuanwu Lab Security Daily News
-
[ Android ] A researcher has published a PoC for the Janus Android APK signature validity vulnerability (CVE-2017-13156) covered in last Friday's push: https://github.com/V-E-O/PoC/tree/master/CVE-2017-13156
-
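[ Industry News ] The SynTP.sys driver on HP laptops was found to contain built-in keylogger functionality. It is disabled by default but can be enabled through a registry key: https://zwclose.github.io/HP-keylogger/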
-
[ MalwareAnalysis ] Security researchers found that the StrongPity2 spyware has become the successor to FinFisher and is being used in MitM attacks: https://www.welivesecurity.com/2017/12/08/strongpity-like-spyware-replaces-finfisher/
-
[ MalwareAnalysis ] A brief analysis of the Mac malware HiddenLotus: https://blog.malwarebytes.com/threat-analysis/2017/12/interesting-disguise-employed-by-new-mac-malware/amp/
-
[ Others ] Using differential fuzzing to find points in programming languages (JavaScript, Perl, PHP, Python, Ruby) that attackers can exploit. A talk from the BlackHat Europe 2017 conference: https://www.blackhat.com/docs/eu-17/materials/eu-17-Arnaboldi-Exposing-Hidden-Exploitable-Behaviors-In-Programming-Languages-Using-Differential-Fuzzing.pdf https://www.blackhat.com/docs/eu-17/materials/eu-17-Arnaboldi-Exposing-Hidden-Exploitable-Behaviors-In-Programming-Languages-Using-Differential-Fuzzing-wp.pdf
-
[ Windows ] A remote shell using only a .csv file, with no powershell.exe required: https://twitter.com/i/web/status/939215702073991168