
腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ iOS ] 通过 CSS 强制重启所有的 iOS 设备: https://twitter.com/pwnsdx/status/1040944750973595649
-
[ Pentest ] 使用 Metasploit 绕过 UAC 的多种方法: http://www.hackingarticles.in/multiple-ways-to-bypass-uac-using-metasploit/
-
[ Tools ] edm - HTTP MitM 攻击中感染文件的 POC 项目: https://github.com/LeonardoNve/edm
-
[ Mobile ] 对高通基带的逆向工程 : https://events.ccc.de/congress/2011/Fahrplan/attachments/2022_11-ccc-qcombbdbg.pdf
-
[ Others ] Mozilla 是如何保护其 GitHub 存储库不被恶意篡改的: https://blog.mozilla.org/security/2018/09/11/protecting-mozillas-github-repositories-from-malicious-modification/
-
-
[ Tools ] Octopus - WebAssembly 模块和 Blockchain Smart Contract的安全分析框架 : https://github.com/quoscient/octopus
-
[ Tools ] Aarch64PAC - ARM v8.3 - 指针验证扩展 : https://github.com/xerub/idastuff/blob/master/arm64/aarch64_pac/aarch64_pac.cpp
-
-
-
[ Web Security ] 使用 Python CGIHTTPServer 绕过注入时的 CSRF Token 防御: https://www.purehacking.com/blog/andre-onofre-lima/bypassing-csrf-tokens-with-pythons-cgihttpserver