腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Fuzzing ] 深入理解 Domato Fuzzer 的自动化代码生成器引擎: https://www.sigpwn.io/blog/2018/4/14/domato-fuzzers-generation-engine-internals
-
[ Industry News ] 黑客通过赌场大厅鱼缸内的温度计偷到了在赌场中豪赌人的信息: http://www.businessinsider.de/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4
-
[ Tools ] pyt - 用于检测 Python Web 应用安全漏洞的静态扫描工具: https://github.com/python-security/pyt
-
[ Tools ] CredKing - 使用 AWS Lambda 轮换 IP 地址进行密码破解的工具: https://github.com/ustayready/CredKing
-
[ Tools ] awesome-firmware-security - 优秀的固件安全方向资源收集: https://github.com/PreOS-Security/awesome-firmware-security
-
[ Tools ] pown - Node.js 上的安全测试与漏洞利用框架: https://github.com/pownjs/pown
-
[ Tools ] 如何制作一个 Password Cracker: https://secapps.com/blog/2018/03/how-to-make-a-password-cracker
-
[ Tools ] yall.js - 高效的 JavaScript Lazy Load 脚本: https://github.com/malchata/yall.js
-
[ Web Security ] 滥用 Microsoft 的 XSS 过滤器绕过 CSP 防御: https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
-
-
-
[ Conference ] 创新沙盒初探 (1) - RSAC2018之一: https://mp.weixin.qq.com/s/aiVCRboVeWXwope4zcho5A 创新沙盒初探 (2) - RSAC2018之二: https://mp.weixin.qq.com/s/KEF458q-88jzrpRq6JpCUA
-
-
[ MalwareAnalysis ] PaloAlto 对 WebMonitor 后门的详细分析,该后门以 C2aaS 方式运营,在线收费使用: https://researchcenter.paloaltonetworks.com/2018/04/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/
-
[ MalwareAnalysis ] 如何成为好的恶意软件分析师: http://www.hexacorn.com/blog/2018/04/14/how-to-become-the-best-malware-analyst-e-v-e-r/
-
-
-
-
[ Tools ] awesome-decompilation 整理 ,来自 nforest_ 's weibo: https://m.weibo.cn/status/4229107040613121