腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Android 逆向分析笔记: https://lichao890427.github.io/wiki/android%20reverse%20engineering/
-
[ Browser ] Chrome Null-dereference READ in blink::AudioNode::Handler(CVE- 2018-16067) : https://bugs.chromium.org/p/chromium/issues/detail?id=860522
-
[ Fuzzing ] 基于代码覆盖率的智能灰盒 Fuzzing 方法介绍 : https://arxiv.org/abs/1811.09447
-
[ Fuzzing ] 如何使用 afl fuzz pdfium : http://usmacd.com/2018/11/26/pdfium-fuzz.public/
-
[ Industry News ] 每周下载量达 200W 的 NPM 软件包 event-stream 被插入恶意代码 : https://github.com/dominictarr/event-stream/issues/116
-
[ iOS ] 如何对 iOS libMobileGestalt 进行反混淆: https://blog.timac.org/2018/1126-deobfuscated-libmobilegestalt-keys-ios-12/
-
[ Linux ] 多个在 Linux 中使用 Sandbox 的方法介绍: https://opensourceforu.com/2016/07/many-approaches-sandboxing-linux/amp/
-
[ Mobile ] Xiaomi Mi Pad 4 的内核源代码发布: https://www.xda-developers.com/xiaomi-mi-pad-4-kernel-source-finally-available/
-
[ Others ] PowerShell 约束语言模式与 Dot-Source 操作符介绍: https://blogs.msdn.microsoft.com/powershell/2018/11/26/powershell-constrained-language-mode-and-the-dot-source-operator/
-
[ Programming ] LLVM IR 汇编的 EBNF 语法 : https://github.com/llir/grammar
-
[ SecurityReport ] kaspersky 发布 2019 工业安全威胁预测: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/26142000/Threat-Predictions-for-Industrial-Security-in-2019.pdf
-
[ Tools ] PentestHardware - 硬件渗透测试手册: https://github.com/unprovable/PentestHardware
-
[ Tools ] Neutrino - Neutrino C2 源码: https://github.com/prsecurity/Neutrino
-
[ Tools ] 使用 radare2 逆向 iOS Swift 应用程序: https://grepharder.github.io/blog/0x01_intro_to_reversing_ios_swift_apps_with_radare2.html
-
[ Tools ] VMHunt - 用于分析虚拟化二进制代码的工具集: https://github.com/s3team/VMHunt
-
[ Tools ] dive - 一款按层分析 docker 镜像的工具,可以用于缩小 docker 镜像: https://github.com/wagoodman/dive
-
[ Tools ] IPv6 及扫描工具 IPv666 介绍: https://l.avala.mp/?p=285
-
[ Vulnerability ] 多个使用 DebugFS 的 Linux 内核驱动程序中的内存错误披露: http://blog.infosectcbr.com.au/2018/11/memory-bugs-in-multiple-linux-kernel.html
-
[ Vulnerability ] NUClear explotion,UEFI BIOS 安全性分享,来自 ZeroNights 2018 大会: https://embedi.com/event/nuclear-explotion/
-
[ Attack ] 绕过防护软件实施攻击的手法介绍: https://www.exploit-db.com/docs/english/45898-flying-under-the-radar.pdf
-
-
[ Exploit ] BlackHoodie 2018 中关于二进制漏洞利用的介绍及相关解题挑战 : https://github.com/tharina/BlackHoodie-2018-Workshop/
-
-
[ Tools ] ProcessSpawnControl - 一款帮助进行恶意软件行为分析的 Powershell 工具 : https://github.com/felixweyne/ProcessSpawnControl
-
[ Vulnerability ] Vanilla Forums 的多个远程代码执行漏洞细节披露 : https://twitter.com/i/web/status/1067025091391889408
-
[ Windows ] Windows 10 Security Wiki: https://www.peerlyst.com/posts/windows-10-security-wiki-guurhart