Tencent Xuanwu Lab Security Daily News
-
[ Backdoor ] Modifying a PHP extension to serve as a persistent backdoor: https://x-c3ll.github.io/posts/PHP-extension-backdoor/
-
[ Browser ] Introducing Web Authentication in Microsoft Edge: https://blogs.windows.com/msedgedev/2018/07/30/introducing-web-authentication-microsoft-edge/
-
[ Challenges ] Walkthrough of the Aragog CTF challenge published by Hack the Box: http://www.hackingarticles.in/hack-the-box-aragog-walkthrough/
-
[ Cloud ] Analysis of a DoS vulnerability in the OpenNebula 4.6.1 cloud platform: https://web-in-security.blogspot.com/2018/07/save-your-cloud-dos-on-vms-in.html
-
[ Crypto ] Automating deployment of a Hashcat cluster with Terraform, Part 1: https://www.trillsecurity.com/tutorials/automating-hashtopolis-with-terraform-part-i/
-
[ Firmware ] The loading flow of DXE drivers: https://lists.01.org/pipermail/edk2-devel/2018-July/027684.html
-
[ Forensics ] A bibliometric analysis of cloud computing forensics research (paper): https://arxiv.org/abs/1807.10436
-
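[ IoTDevice ] Security researchers found that after certain smart cars are resold, the original owner can still remotely control the car and access the current buyer's personal information through the online management account: https://threatpost.com/connected-car-apps-open-privacy-hole-for-used-car-buyers/134549/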
-
[ Linux ] With SELinux enabled, fusermount's restriction on use of the allow_other option can be bypassed (CVE-2018-10906): https://bugs.chromium.org/p/project-zero/issues/detail?id=1616
-
[ MachineLearning ] Detecting crypto-ransomware based on opcode density using a support vector machine (SVM) (paper): https://arxiv.org/abs/1807.10442
-
[ MalwareAnalysis ] The hidden devil in the application development life cycle: a large number of Google Play apps infected with Windows malware, from Unit 42: https://researchcenter.paloaltonetworks.com/2018/07/unit42-hidden-devil-development-life-cycle-google-play-apps-infected-windows-executable-files/
-
[ MalwareAnalysis ] Reverse engineering the core functionality of the Qakbot banking trojan, Part 1: https://www.vkremez.com/2018/07/lets-learn-in-depth-reversing-of-qakbot.html
-
[ MalwareAnalysis ] A network behavior analysis report on the Pegasus banking trojan: http://blog.ptsecurity.com/2018/07/pegasus-analysis-of-network-behavior.html
-
[ Popular Software ] Analysis of the SSTI vulnerability in the SEOmatic <=3.1.3 plugin for Craft CMS (CVE-2018-14716): http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/
-
[ Popular Software ] Details disclosed for multiple vulnerabilities in Avecto Defendpoint (CVE-2017-16245 & CVE-2017-16246): https://labs.nettitude.com/blog/cve-2017-16245-cve-2017-16246-avecto-defendpoint-multiple-vulnerabilities/
-
[ SecurityProduct ] How to enable Windows Defender's crapware blocking feature: https://www.howtogeek.com/360648/how-to-enable-windows-defender%E2%80%99s-secret-crapware-blocker/
-
[ Tools ] Introduction to how the WMImplant tool works: https://www.fortynorthsecurity.com/mass-powershell-and-wmimplant/
-
[ Tools ] A script for retrieving the malicious events generated when PowerShell operates on the lsass.exe process: https://twitter.com/i/web/status/1023721520215019522
-
[ IoTDevice ] Advisory on a remote command execution vulnerability in Sony IPELA E series network cameras: https://paper.seebug.org/655/ ; ZoomEye Data Analysis Report - NEO Coolcam's Webcam Vulnerabilities: https://paper.seebug.org/652/
-
[ Pentest ] Sharing blind SQL injection techniques: https://medium.com/@tomnomnom/making-a-blind-sql-injection-a-little-less-blind-428dcb614ba8