腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Universal Android SSL Pinning Bypass Part 2: https://techblog.mediaservice.net/2018/11/universal-android-ssl-pinning-bypass-2/
-
[ Browser ] Chrome WebAssembly.validate 中竞争条件导致的多个错误 : https://bugs.chromium.org/p/chromium/issues/detail?id=794091
-
[ Data Breach ] Voxox 的数据库泄漏,包括短信、双因素验证码等隐私数据: https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes
-
-
[ Linux ] 如何使用 Linux Kernel Runtime Guard (LKRG) 的详细介绍: https://www.defensive-security.com/blog/playing-with-linux-kernel-runtime-guard-lkrg
-
[ Linux ] Linux 嵌套用户命名空间破坏 uid/gid 映射(CVE-2018-18955) : https://www.exploit-db.com/exploits/45886
-
[ MalwareAnalysis ] OilRig Ops Tempo 攻击活动从测试阶段到武器化的分析: https://researchcenter.paloaltonetworks.com/2018/11/unit42-analyzing-oilrigs-ops-tempo-testing-weaponization-delivery/
-
[ MalwareAnalysis ] Microsoft Powerpoint 被用于传播恶意软件 Dropper : https://marcoramilli.blogspot.com/2018/11/microsoft-powerpoint-as-malware-dropper.html
-
[ Others ] OSCE/CTP 课程学习指南: https://aminbohio.com/study-guide-tips-offensive-security-certified-expert-osce-cracking-the-perimeter-ctp/
-
[ Tools ] LANs.py - 无线网络中间人攻击工具: https://github.com/DanMcInerney/LANs.py
-
[ Tools ] Arjun - 一款用于发现 HTTP 参数的工具 : https://github.com/s0md3v/Arjun
-
[ Tools ] James Forshaw 公开了其在 HITB-PEK 和 PacSec 2018 演讲中的Demo 代码 : https://twitter.com/i/web/status/1063542879023521792
-
[ Tools ] SaSHimi - 可以绕过 SSH 的 AllowTcpForwarding (端口转发)功能 : https://www.tarlogic.com/en/blog/sasshimi-evading-allowtcpforwarding/
-
[ Tools ] 如何使用 Frida 在加载并解密 PDF 的进程中转储文档的内容 : https://insinuator.net/2018/11/dumping-decrypted-documents-from-a-north-korean-pdf-reader/
-
[ Tools ] VmwareHardenedLoader - 一款对抗恶意代码的虚拟机检测工具 : https://github.com/hzqst/VmwareHardenedLoader
-
[ Vulnerability ] 对电子银行应用程序 ELBA5 中的漏洞介绍 : https://bogner.sh/2018/11/0-day-in-elba5s-network-installation-overtaking-your-companys-bank-account/
-
[ Web Security ] XXE 从基础到盲打: http://agrawalsmart7.com/2018/11/10/Understanding-XXE-from-Basic-to-Blind.html
