Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Some misconceptions about private browsing mode in browsers (Paper): https://www.blaseur.com/papers/www18privatebrowsing.pdf
-
[ Browser ] Safari Technology Preview 62 released: https://webkit.org/blog/8384/release-notes-for-safari-technology-preview-62/
-
[ Crypto ] Introduction to Zinc, a minimal cryptography library: https://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/linux.git/commit/?h=zinc
-
[ Debug ] Automating crashdump analysis with SlackBot, Python and cdb: https://heejune.me/2018/08/01/crashdump-analysis-automation-using-slackbot-python-cdb-from-windows/
-
[ Industry News ] Microsoft announces it will reveal its Top 100 Security Researcher list on August 8: https://blogs.technet.microsoft.com/msrc/2018/08/01/the-making-of-the-top-100-researcher-list/
-
[ Language ] CRLF injection into PHP's cURL options: https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545
-
[ macOS ] A real-world Mac system intrusion (Video): https://twitter.com/i/web/status/1024426947999424515
-
[ Malware ] Israel's NSO spyware has recently begun targeting members of a Saudi human rights organization: https://thehackernews.com/2018/07/iphone-hacking-spyware.html
-
[ MalwareAnalysis ] Malware analysis using osquery: https://www.alienvault.com/blogs/labs-research/malware-analysis-using-osquery-part-1
-
[ MalwareAnalysis ] FireEye's investigation and analysis of the FIN7 criminal group: https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html
-
[ MalwareAnalysis ] Detecting malicious PowerShell code hidden in certificate files, Part 2: https://blog.nviso.be/2018/08/01/powershell-inside-a-certificate-part-2/
-
[ Others ] Using the InternetExplorer.Application component for C2 communication: https://adapt-and-attack.com/2017/12/19/internetexplorer-application-for-c2/
-
[ Others ] A series of introductory articles on intrusion analysis recommended by John Lambert: https://twitter.com/i/web/status/1024730325967036416
-
[ Pentest ] A technique for remotely loading a payload using iqy files: https://twitter.com/i/web/status/1024430083010965505
-
[ Pentest ] Domain penetration testing: using BloodHound / CrackMapExec / Mimikatz to obtain domain admin privileges: https://hausec.com/2017/10/21/domain-penetration-testing-using-bloodhound-crackmapexec-mimikatz-to-get-domain-admin/
-
[ Popular Software ] Analysis of an integer overflow vulnerability in Foxit Reader (CVE-2018-14295): https://www.zerodayinitiative.com/blog/2018/8/01/throwing-shade-analysis-of-a-foxit-integer-overflow
-
[ Programming ] Burp Suite extension development series: https://prakharprasad.com/burp-suite-extension-development-series/
-
[ SCADA ] Case studies of four types of threat detection in industrial control systems: https://dragos.com/blog/FourTypesOfThreatDetection.html
-
[ Tools ] pdb.exe, a tool that downloads the symbol file for a DLL and locates the matching .pdb in a subfolder: https://github.com/KirillOsenkov/MetadataTools/releases/tag/v1.0.6
-
[ Tools ] 2ndOrder - a Chrome extension for detecting second-order subdomains: https://github.com/1lastBr3ath/2ndOrder
-
[ Tools ] Ridrelay - a quick and simple tool for obtaining domain usernames: https://github.com/skorov/ridrelay
-
[ Tools ] cloudgoat - a tool for deploying vulnerable-by-design AWS infrastructure: https://github.com/RhinoSecurityLabs/cloudgoat
-
[ Virtualization ] Virtualization-based memory integrity protection in Windows: https://techcommunity.microsoft.com/t5/Windows-Insider-Program/Windows-Defender-System-Guard-Making-a-leap-forward-in-platform/td-p/167303
-
[ Vulnerability ] Charles Proxy 4.2 local privilege escalation vulnerability (CVE-2017-15358): https://www.exploit-db.com/exploits/45107/
-
[ Vulnerability ] XXE vulnerability in Universal Media Server's SSDP handling (CVE-2018-13416): http://seclists.org/fulldisclosure/2018/Jul/94
-
[ Web Security ] Analysis of the Augur hijack via dormant service workers: https://medium.com/@peter_szilagyi/augur-hijack-via-dormant-service-workers-bea254258f98
-
[ Windows ] Detecting hypervisor presence on Windows 10: https://revers.engineering/detecting-hypervisor-presence-on-windows-10/
-
[ WirelessSecurity ] Screaming Channels: long-range capture of a chip's side-channel signals, recovering an AES-128 key from 10 meters away (Paper): http://s3.eurecom.fr/tools/screaming_channels/