腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Industry News ] 攻击者通过 BGP 劫持修改网络支付系统 DNS 记录: https://blogs.oracle.com/internetintelligence/bgp-dns-hijacks-target-payment-systems
-
[ IoTDevice ] 创建密钥生成器重置海康威视IP摄像机的管理员密码: https://neonsea.uk/blog/2018/08/01/hikvision-keygen.html
-
[ Linux ] Linux 内核 UDP 分段偏移(UFO)提权漏洞 MSF 利用模块: https://www.exploit-db.com/exploits/45147/
-
[ macOS ] Mach-O 链接和加载技巧: http://blog.darlinghq.org/2018/07/mach-o-linking-and-loading-tricks.html
-
[ MalwareAnalysis ] KOVTER 点击欺诈型恶意软件分析报告发布: https://twitter.com/x0rz/status/1025312029320642560/photo/1
-
[ Tools ] JPCERT/CC 开发了一款用于检测 Cobalt Strike Beacon 的 Volatility 插件: https://blog.jpcert.or.jp/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html GitHub: https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py
-
[ Tools ] BurpSuite 的新爬虫模型介绍: https://portswigger.net/blog/burps-new-crawler
-
[ Tools ] GOLDFIN - 使用 SOCKSBOT 木马针对独联体国家的持久化攻击活动调查: https://www.accenture.com/t00010101T000000Z__w__/gb-en/_acnmedia/PDF-83/Accenture-Goldfin-Security-Alert.pdf
-
[ Vulnerability ] Coinbase Kiteworks 服务的 AngularJS DOM XSS 漏洞详情披露: http://www.paulosyibelo.com/2017/07/coinbase-angularjs-dom-xss-via-kiteworks.html