腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

[ Android ] 内核镜像攻击的缓解措施： http://c0reteam.org/2019/01/02/ksma
[ Blockchain ] ActiveBreach - 通过以太坊区块链进行 C2 通信： https://www.mdsec.co.uk/2019/01/activebreach-powered-by-the-blockchain/
[ Browser ] Microsoft Edge Out-of-Memory 错误介绍： https://nafiez.github.io/security/memory/2019/01/02/Microsoft-Edge-Out-of-Memory-Issue.html
[ Crypto ] 密码学详细介绍： https://intensecrypto.org/public/index.html
[ MalwareAnalysis ] 莫里斯蠕虫所利用的漏洞分析： https://blog.rapid7.com/2019/01/02/the-ghost-of-exploits-past-a-deep-dive-into-the-morris-worm/
[ MalwareAnalysis ] 2018 年发现的 macOS 恶意软件的全面分析： https://objective-see.com/downloads/MacMalware_2018.pdf
[ Tools ] applepie - 一款用于 Fuzz 的虚拟机管理器: https://github.com/gamozolabs/applepie

[ Android ] Android 自动化黑盒测试中的细粒度代码覆盖率测量(Paper) ： https://arxiv.org/pdf/1812.10729.pdf
[ APT ] 腾讯安全2018年高级持续性威胁（APT）研究报告： https://mp.weixin.qq.com/s/F5hBw_pVithLlY6ixE0q-g
[ Challenges ] 35c3 CTF 中 V8 Math.expm1 类型错误漏洞的 Exploit 解题方法分享： https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/ https://bugs.chromium.org/p/project-zero/issues/detail?id=1710
[ Hardware ] Marvell Avastar WiFi 研究 - 从零知识储备到无接触 RCE： https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf
[ IoTDevice ] 智能设备安全分析手册： https://book.yunzhan365.com/tkgd/lzkp/mobile/index.html
[ Tools ] eBPF 的教程和例子详细介绍： http://www.brendangregg.com/blog/2019-01-01/learn-ebpf-tracing.html
[ Vulnerability ] GIGABYTE 驱动本地提权漏洞披露： https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
[ Windows ] SandboxEscaper 的 Windows 本地特权提升漏洞利用： https://github.com/SandboxEscaper/randomrepo/blob/master/PolarBearLpe.rar