
腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Android 应用安全加固策略研究(Paper) : https://www1.cs.fau.de/filepool/projects/nomorp/nomorp-paper-dimva2018.pdf
-
[ Browser ] Chrome 浏览器 gpu::gles2::StrictIdHandler::FreeIds 中的堆溢出漏洞(CVE-2018-6154): https://bugs.chromium.org/p/chromium/issues/detail?id=848914
-
[ Crypto ] VMHunt - 一种可验证的用于简化部分虚拟化 ByteCode 的方法: https://faculty.ist.psu.edu/wu/papers/vmhunt-ccs18.pdf
-
[ IoTDevice ] 车辆 Hacking 设置指南 Part 0: https://github.com/mortedamos/vehicle-hacking/wiki/Vehicle-Hacking-Setup-Guide:-Part-0:-Introduction
-
[ Linux ] Linux VMA vmacache_flush_all() 快速路径导致的 UAF 漏洞(CVE-2018-17182): https://bugs.chromium.org/p/project-zero/issues/detail?id=1664
-
[ Others ] 如何开机自动清理 APPLOCKER 本地规则: https://oddvar.moe/2018/09/28/applocker-making-sure-that-local-rules-are-removed/
-
[ Pentest ] 三种新的 DDE 混淆方法介绍: https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation
-
[ Programming ] 如何为 IDA Pro 开发 NIOS II 架构的反汇编模块: http://blog.ptsecurity.com/2018/09/how-we-developed-nios-ii-processor.html
-
[ ReverseEngineering ] 有关二进制分析的系列教程 : https://twitter.com/binitamshah/status/1045708787116584960
-
[ Tools ] injdrv - 通过 APC 将 DLL 注入用户模式进程概念验证的 Windows 驱动程序: https://github.com/wbenny/injdrv
-
[ Tools ] smda - 一个极简的递归反汇编库,它为从内存转储中精确恢复控制流图(CFG) 进行了优化: https://github.com/danielplohmann/smda
-
[ Tools ] JTool2 - 一款用于 iOS 逆向的工具: https://twitter.com/i/web/status/1045334827346661377
-
[ Vulnerability ] 一个 FreeBSD/bhyve 错误修复: https://reviews.freebsd.org/rS338957
-
-
[ Attack ] 事件分析 | 一起攻击者利用 Redis 未授权访问漏洞进行新型入侵挖矿事件: https://mp.weixin.qq.com/s/guCgsp3rgnL-KpPYBof7ZQ
-
[ Crypto ] Solo - 第一个支持 FIDO2 的开源安全密钥: https://hackernoon.com/solo-the-first-open-source-fido2-security-key-4b1b491c7bdb
-
[ Industry News ] Facebook 修复了一个影响 5000 万用户账户,可窃取访问令牌的漏洞,事件始末介绍 : https://newsroom.fb.com/news/2018/09/security-update/ https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html
-
-
[ MalwareAnalysis ] VPNFilter 恶意软件第 3 阶段使用的多个功能模块分析: https://blog.talosintelligence.com/2018/09/vpnfilter-part-3.html
-
-
-
[ WirelessSecurity ] Ghostbuster: 发现隐藏的无线窃听者(Paper) : https://synrg.csl.illinois.edu/papers/ghostbuster-mobicom18.pdf