
腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] 如何在 Android Pie 上本地捕获系统跟踪: https://www.xda-developers.com/capture-system-trace-android-pie/
-
[ Browser ] 更改硬编码的 Chrome OS 区域设置: https://www.stackallocated.com/blog/2018/chromeos-locale/
-
[ Browser ] FireFox 新版本存储访问策略:阻止跟踪器中的 Cookie: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy
-
[ Fuzzing ] 改善 AFL 在 QEMU 中的性能: https://abiondo.me/2018/09/21/improving-afl-qemu-mode/
-
[ IoTDevice ] IoTSecurity101 - IoT 渗透测试与 IoT 安全 101: https://github.com/V33RU/IoTSecurity101
-
[ macOS ] Apple 文件系统参考手册(PDF): https://developer.apple.com/support/apple-file-system/Apple-File-System-Reference.pdf
-
-
[ MalwareAnalysis ] Viro 僵尸网络勒索软件分析: https://blog.trendmicro.com/trendlabs-security-intelligence/virobot-ransomware-with-botnet-capability-breaks-through/
-
[ Others ] iOS 11.2.6 launchd 中的 Mach 端口替换漏洞,可以实现沙箱逃逸,权限提升和代码签名绕过(CVE-2018-4280) : https://github.com/bazad/blanket
-
[ ReverseEngineering ] SUPERCELL 逆向工程系列 Part 6: http://www.giovanni-rocca.com/reverse-engineering-supercell-part-6/
-
[ Tools ] libelfmaster - 安全的 ELF 解析/加载库,用于恶意软件的取证重建以及逆向工程: https://github.com/elfmaster/libelfmaster
-
[ Vulnerability ] Google Colaboratory 中的 XSS 漏洞披露: https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html
-
[ Vulnerability ] BeVxCon 大会上 Google Project Zero 的 The good 0(ld) days,通过在二进制文件中寻找旧代码来发现 0day 漏洞: https://docs.google.com/presentation/d/16r_AUSWmtGw0CNxRg60VlTqkjBRxlvjEgxF10O0imk4/edit#slide=id.p
-
[ Vulnerability ] 对 VirtualBox 的攻击面分析和漏洞利用细节: https://twitter.com/_niklasb/status/1043066367442710528