
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Phishing attacks on modern Android: http://www.s3.eurecom.fr/projects/modern-android-phishing/
-
[ Browser ] A floating-point precision error in Chrome's SwiftShader renderer (CVE-2018-16069): https://bugs.chromium.org/p/chromium/issues/detail?id=848238
-
[ Browser ] Safari Technology Preview 66 released: https://webkit.org/blog/8414/release-notes-for-safari-technology-preview-66/
-
[ Industry News ] United Nations leaks a large number of passwords and sensitive data due to system misconfiguration: https://theintercept.com/2018/09/24/united-nations-trello-jira-google-docs-passwords/
-
[ iOS ] iOS 11.3.1 JailbreakMe (Safari jailbreak) released, targeting iPhone 8/8 Plus: https://twitter.com/iFenixx/status/1044925870727729152
-
[ Linux ] Introduction to the ELF file format, Part 3: Section Headers: https://blog.k3170makan.com/2018/09/introduction-to-elf-file-format-part.html
-
[ Linux ] Detailed analysis of a cache invalidation bug in Linux memory management (CVE-2018-17182) and how it is exploited, from Project Zero: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
-
[ Linux ] Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath (CVE-2018-17182): https://www.exploit-db.com/exploits/45497/
-
[ MalwareAnalysis ] Malwarebytes' analysis of a campaign that uses the CVE-2018-8373 vulnerability to deliver the Quasar RAT malware: https://blog.malwarebytes.com/threat-analysis/2018/09/buggy-implementation-of-cve-2018-8373-used-to-deliver-quasar-rat/
-
[ Popular Software ] Adobe Flash ActiveX - null pointer dereference flaw: https://nafiez.github.io/security/pointer/2018/09/25/adobe-flash.html
-
[ Popular Software ] SQL injection exploitation tricks in Oracle Database: https://medium.com/@Wflki/sql-injection-oracle-and-full-width-characters-13bb86fc034a
-
[ Popular Software ] Detailed analysis of a type confusion vulnerability in Adobe Reader that leads to code execution (CVE-2018-12794): http://www.4hou.com/vulnerable/13735.html
-
[ Protocol ] A detailed introduction to the MTA Strict Transport Security (MTA-STS) specification: https://www.hardenize.com/blog/mta-sts
-
[ Tools ] Git-Enum, a Metasploit module for gathering Git information during post-exploitation, released: https://blog.secarma.co.uk/labs/hacking-with-git-git-enum-metasploit-module-release
-
[ Tools ] Windows ATT&CK log analysis cheat sheet (PDF): https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5b8f091c0ebbe8644d3a886c/1536100639356/Windows+ATT%26CK_Logging+Cheat+Sheet_ver_Sept_2018.pdf
-
[ Tools ] Winchecksec, a tool for detecting which protection mechanisms are enabled in Windows PE files: https://blog.trailofbits.com/2018/09/26/effortless-security-feature-detection-with-winchecksec/
-
[ Tools ] SocialBox - a password brute-forcing tool for social media accounts: https://github.com/TunisianEagles/SocialBox
-
[ Tools ] ads-payload - a tool that bypasses endpoint defenses by executing ADS stream files: https://github.com/ChrisAD/ads-payload
-
[ Vulnerability ] Dissecting 17-year-old kernel bugs (CVE-2018-6554, CVE-2018-6555), from the BeVx conference: https://cyseclabs.com/slides/bevx-talk.pdf
-
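[ Crypto ] Bitslicing is a software implementation strategy that enables fast cryptographic algorithms that are not susceptible to cache- and timing-related side-channel attacks: https://timtaubert.de/blog/2018/08/bitslicing-an-introduction/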
-
[ Windows ] Active Directory forest trusts Part 1 - How SID filtering works: https://dirkjanm.io/active-directory-forest-trusts-part-one-how-does-sid-filtering-work/