腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] 如何对 ATM 进行逻辑攻击 : https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
-
[ MalwareAnalysis ] 针对使用 Exodus 的 Mac 用户的垃圾邮件活动: https://labsblog.f-secure.com/2018/11/02/spam-campaign-targets-exodus-mac-users
-
[ Pentest ] 绕过蓝队检测的技巧分享: http://www.hexacorn.com/blog/2018/11/17/a-few-more-anti-blueteam-ideas/
-
[ Tools ] IMSI-catcher - 可以发现附近手机的 IMSI、国家、品牌和运营商等信息的工具: https://motherboard.vice.com/en_us/article/gy7qm9/how-i-made-imsi-catcher-cheap-amazon-github
-
[ Tools ] pacu - 针对 AWS 云的漏洞利用框架: https://github.com/RhinoSecurityLabs/pacu
-
[ Tools ] JSgen.py - 为 Node.js SSJI 生成正向和反向Shell 的工具: https://pentesterslife.blog/2018/06/28/jsgen/
-
[ Vulnerability ] JBoss 反序列化导致的远程代码执行漏洞(CVE-2018-14667) : https://access.redhat.com/solutions/3660371