腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] .NET Profiler DLL 劫持: https://github.com/djhohnstein/.NET-Profiler-DLL-Hijack
-
[ Attack ] 攻击 Tomcat Manager 的多种方法: https://www.hackingarticles.in/multiple-ways-to-exploit-tomcat-manager/
-
[ Browser ] Safari - Webkit Proxy Object 类型混淆漏洞 Metasploit 利用模块(CVE-2018-4233): https://www.exploit-db.com/exploits/45998
-
[ Browser ] 影响 Chromium 的 SQLite 漏洞 : 1) https://blade.tencent.com/magellan/index_en.html2) https://worthdoingbadly.com/sqlitebug/3) PoC : https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
-
[ iOS ] iOS 渗透测试工具 Part 2: Cycript: https://www.allysonomalley.com/2018/12/13/ios-pentesting-tools-part-2-cycript/
-
[ Pentest ] 利用 Web 应用的下载漏洞窃取 NTLMv2 Hash: http://www.mannulinux.org/2018/12/how-to-steal-ntlmv2-hashes-using-file.html
-
[ Tools ] Gbhv - 一款简单的 x86-64 VT-x Hypervisor ,帮助学习使用和开发 VT-X 硬件虚拟化技术: https://github.com/Gbps/gbhv
-
[ Tools ] raw-socket-sniffer - 不需要驱动程序的 Windows 上的抓包工具: https://github.com/nospaceships/raw-socket-sniffer