腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Security Assessment of BlackBerry Messenger for Android - https://cedricvb.be/wp-content/files/bbm-report.pdf
"即时通信工具 BlackBerry Messenger Android 版本安全评估 https://t.co/O9Fi5AunjC"
-
[ Android ] CopperheadOS - security hardened Android http://goo.gl/GzrXCU
"CopperheadOS - 安全加固版本的 Android 系统,开源: https://t.co/y1RNGLJ19D"
-
[ Device ] UPC Router WPA2 pass recovery tool : http://haxx.in/upc_keys.c
"UPC 路由器 WPA2 密码恢复工具, .c 文件下载: https://t.co/Bz9W3O4vNu"
-
[ Fuzzing ] Retweeted Binni Shah (@ binitamshah): The Art of Fuzzing without Fuzzing : https://github.com/bnagy/slides/blob/master/fuzzing_without_pub.pdf (Slides) cc:... http://fb.me/7XzHCOHpr
"The Art of Fuzzing without Fuzzing,来自 Ben Nagy Github: https://t.co/Ou39znI1HQ https://t.co/zW70JvvuL0"
-
[ iOS ] itrace ios private methods https://github.com/waruqi/itrace
"itrace - Trace iOS/Mac 的私有方法,来自 waruqi https://t.co/Jbg3zngYjP "
-
[ Linux ] CVE-2014-2851 Linux Kernel group_info UAF Exploitation https://cyseclabs.com/page?n=02012016
"Linux 内核 group_info UAF 漏洞利用(CVE-2014-2851) https://t.co/AJDk9aJVtO "
-
[ Linux ] Blog Post: Compiler-Introduced Double-Fetch Vulnerabilities – Understanding XSA-155 - http://tkeetch.co.uk/blog/?p=58
"编译器引入的 Double-Fetch 漏洞(XSA-155),共享内存应该被标记为 volatile,避免编译器优化引入 Double-Fetch Bug: https://t.co/3CKTrJkIUl"
-
[ Linux ] "Linux Kernel pptp_bind() pptp_connect() Validation Flaw Lets Local Users View Portions of System Memory" http://www.securitytracker.com/id/1034549
"Linux 内核 pptp_bind() pptp_connect() 验证缺陷允许本地用户查看部分的系统内存(CVE-2015-8569): https://t.co/MebPn0TnIE"
-
[ Mac OS X ] Manual Analysis of ‘NSKeyedArchiver’ Formatted Plist Files - A Review of the NEW OS X 10.11 “Recent Items” #DFIR http://www.mac4n6.com/blog/2016/1/1/manual-analysis-of-nskeyedarchiver-formatted-plist-files-a-review-of-the-new-os-x-1011-recent-items
"手动分析 'NSKeyedArchiver' 格式的 Plist 文件, OS X 10.11 版本的新 'Recent Items': https://t.co/fyrERX94NL"
-
[ Network ] DHCPwn - A DHCP IP exhaustion tool https://github.com/mschwager/dhcpwn
"DHCPwn - DHCP IP 耗尽工具 https://t.co/aAmztAXkMB"
-
[ Others ] Retweeted Binni Shah (@ binitamshah): Writing an OS in Rust - Remap the Kernel : http://os.phil-opp.com/remap-the-kernel.html http://fb.me/3OX1epjxa
"用 Rust 语言写一个操作系统系列 - 内核重映射: https://t.co/0aRaXC8G8l https://t.co/cVUggjClmX"
-
[ Others ] Comparison of airgap bypass techniques https://t.co/u1Tbj6Z1wl
"物理隔离 Bypass 技术比较: https://t.co/u1Tbj6Z1wl"
-
[ Others ] BTFS (bittorrent filesystem) https://github.com/johang/btfs
"BTFS (bittorrent 文件系统): https://t.co/PZSlatupPI"
-
[ Others ] (An ((Even Better) Lisp) Interpreter (in Python)) : http://norvig.com/lispy2.html
"一个更好的 Lisp 解释器(Python 写的): https://t.co/zQI3cYj7Rn"
-
[ Others ] ICYMI Windows Insider Preview: Nested Virtualization -- http://blogs.technet.com/b/virtualization/archive/2015/10/13/windows-insider-preview-nested-virtualization.aspx
"微软 Technet Blog:Windows Insider Preview: 嵌套的虚拟化, 2015 年 10 月份的 Blog: https://t.co/Tu7PuiU3XZ"
-
[ Pentest ] Redteam Cheatsheet : https://github.com/mdsecresearch/Publications/blob/master/cheatsheets/RedRelease.pdf cc: @ domchell || @ hackerfantastic
"Redteam(渗透测试者)的备忘单: https://t.co/MfApz5yXJC "
-
[ Sandbox ] DLL Injection and much more in Python from @ s7ephen https://s7ephen.github.io/SandKit/
"SandKit - 沙箱技术研究辅助工具 https://t.co/ed9du50XrY Github 项目: https://github.com/s7ephen/SandKit 很久没有更新了"
-
[ Tools ] A Unikernel Firewall for QubesOS: http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
"用于 QubesOS 的防火墙, QubesOS 是运行在 XEN 中的桌面操作系统: https://t.co/bWDqwe0x1e"
