Tencent Xuanwu Lab Security Daily News
-
[ Exploit ] A detailed introduction to exploiting buffer overflows via JIT Spray ROP: https://github.com/bcdannyboy/Research/blob/master/JIT-SprayedROP.pdf
-
[ Mobile ] Tutorial on bypassing SSL pinning with FRIDA: http://omespino.com/tutorial-universal-android-ssl-pinning-in-10-minutes-with-frida/
-
[ Others ] Research on MD5/SHA1 hash collisions: https://github.com/corkami/pocs/blob/master/collisions/README.md
-
[ Pentest ] Pass-the-Cache attack on Active Directory: https://medium.com/@jamie.shaw/pass-the-cache-to-domain-compromise-320b6e2ff7da
-
[ Tools ] LiveCloudKd - a Hyper-V virtual machine program focused on memory forensics: https://github.com/comaeio/LiveCloudKd
-
[ Tools ] A collection of handy system utilities: https://github.com/zodiacon/AllTools/tree/master
-
[ Vulnerability ] Razer "Cortex" enables the Chromium Embedded Debugger stub, allowing arbitrary remote command execution by default, from Project Zero: https://bugs.chromium.org/p/project-zero/issues/detail?id=1742&desc=3
-
[ Vulnerability ] Disclosure of an XSS vulnerability in the Google Code-in online programming contest site, caused by incorrect escaping of JSON data: https://blog.thomasorlita.cz/vulns/google-code-in-xss/
-
[ Windows ] ldap_search - a tool for enumerating Windows domain information: https://github.com/m8r0wn/ldap_search
-
[ Exploit ] Exploit development tutorial: an introduction to the Egghunter technique: http://www.primalsecurity.net/0x8-exploit-tutorial-the-elusive-egghunter/
-
[ IoTDevice ] Vulnerability research on the Linux/MIPS architecture in home routers: https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html
-
[ Pentest ] Attacking externally exposed Docker API endpoints: https://medium.com/@riccardo.ancarani94/attacking-docker-exposed-api-3e01ffc3c124