Tencent Xuanwu Lab Security Daily News
-
[ Linux ] An introduction to loading and executing ELF files in memory from several languages (php/python/perl): https://blog.fbkcs.ru/en/elf-in-memory-execution/
-
[ Malware ] Linux/x86 - shellcode that kills all processes (14 bytes): https://www.exploit-db.com/exploits/46039
-
[ MalwareAnalysis ] Dissecting Cozy Bear's malicious LNK file: http://cyberforensicator.com/2018/12/23/dissecting-cozy-bears-malicious-lnk-file/
-
[ SecurityReport ] McAfee Labs releases its December 2018 threats report: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-dec-2018.pdf
-
[ Tools ] Real-time processing of Sysmon events via KSQL and HELK: https://posts.specterops.io/real-time-sysmon-processing-via-ksql-and-helk-part-1-initial-integration-88c2b6eac839
-
[ Vulnerability ] Disclosure of an SSRF vulnerability in Liberapay's OpenID handling: https://medium.com/@putracraft.theworld/server-side-request-forgery-in-openid-support-defcc64d5e41
-
[ Vulnerability ] Disclosure of a root privilege escalation vulnerability in systemd-tmpfiles caused by non-terminal symlinks (CVE-2018-6954): https://seclists.org/oss-sec/2018/q4/271 , https://github.com/systemd/systemd/issues/7986
-
[ Web Security ] How filter and WAF rule bypasses are used to exploit PHP remote code execution vulnerabilities: https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/
-
[ Windows ] Offensive and defensive research on tampering with Windows Event Tracing (ETW) logs: https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
-
[ APT ] Report on the latest attack campaign by the BITTER (蔓灵花) APT group against sensitive military-industrial, nuclear, government and other organizations in China: https://www.freebuf.com/articles/database/192726.html
-
[ Vulnerability ] Adobe Flash ActiveX Plugin 28.0.0.137 remote code execution PoC: https://www.exploit-db.com/exploits/46051
-
[ Vulnerability ] phpMyAdmin 4.8.4 - 'AllowArbitraryServer' arbitrary file read exploit: https://www.exploit-db.com/exploits/46041