腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Introduction to Lobotomy | Part Two - http://rotlogix.com/2016/01/09/introduction-to-lobotomy-part-two/ #android #mobile #security
"Lobotomy 是一个功能比较全面的 Android 逆向分析框架,这篇 Blog 介绍如何用它反编译 APK 以及如何解决一些应用不可调试的问题: https://t.co/pfpSAwXK2v"
-
[ Android ] Some malicious apps use compromised devices to download and positively review other malicious apps by same authors https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/
"恶意软件家族 Brain Test 卷土重来 - 在被攻击的设备上从应用商店下载该作者的其他应用,共计发现了 13 款应用: https://t.co/8ylSU3puMB"
-
[ Browser ] Nvidia GPUs can break Chrome's incognito mode https://charliehorse55.wordpress.com/2016/01/09/how-nvidia-breaks-chrome-incognito/
"Nvidia GPU 是如何破坏 Chrome 的隐身模式: https://t.co/LtsxNAW3ON"
-
[ Crypto ] KCI-based MitM Attacks against TLS : https://github.com/maldevel/BSides_Vienna_2015/blob/master/kci_based_man_in_the_middle_attacks_against_tls.pdf
"基于 KCI(Key Compromise Impersonatio) 中间人攻击 TLS: https://t.co/7DboKrSWQf"
-
[ Fuzzing ] boofuzz - A fork and successor of the Sulley Fuzzing Framework. http://ow.ly/WPAyY
"boofuzz - Sulley Fuzz 框架的 fork 版本: https://t.co/kBqrs9cDF1"
-
[ Network ] Joy package for capturing and analyzing for network research, forensics & security monitoring http://seclist.us/joy-a-package-for-capturing-and-analyzing-for-network-research-forensics-security-monitoring.html
"Joy - 用于网络流量捕获、分析、取证、监控的工具: https://t.co/jOxwDc7vQw "
-
[ Obfuscation ] Javascript Deobfuscator Updated: http://www.kahusecurity.com/?p=13482
"Javascript Deobfuscator 更新为 0.3 版本: https://t.co/bp7NLEkyny"
-
[ Others ] BetterCap and the first REAL DoubleDirect ICMP Redirect Attack http://www.evilsocket.net/2016/01/10/bettercap-and-the-first-real-icmp-redirect-attack/
"下一个版本的 BetterCap 将会支持 ICMP 全双工重定向中间人攻击: https://t.co/DRkVrZkVjZ"
-
[ Others ] T. Eisenbarth: Cache Attacks on the Cloud. https://drive.google.com/file/d/0Bzm_4XrWnl5zVy0wSEFsOXdJU2s/view?usp=sharing #realworldcrypto
"云环境中的处理器缓存攻击 Paper: https://t.co/23iAOzbcxM"
-
[ Others ] TorTrojan is a simple trojan-horse written in C# using tor to communicate https://github.com/x1125/tor-trojan #infosec #security
"TorTrojan - 利用 TOR 通信的一款木马, C# 语言编写: https://t.co/KmzxkIjonV"
-
[ Others ] Threat intelligence has to be embedded in your #security program. See what traps to avoid: http://symc.ly/1PLluvN
"威胁情报需要避免的 5 个陷阱,来自 Symantec, 视频: https://t.co/lk0iCap9Fu Paper: https://know.elq.symantec.com/LP=2011?CID=70150000000drF4AAI&MC=193726&OC=81774&OT=WP&TT=SW "
-
[ Others ] New, rewritten #OpenBSD #PF FAQ example "Building an OpenBSD Router" http://www.openbsd.org/faq/pf/example1.html highlights a number of useful #OpenBSD features
"构建一个 OpenBSD 路由器: https://t.co/SRESxJ8FB1 "
-
[ Others ] Shielding applications from an untrusted cloud with Haven https://www.usenix.org/system/files/conference/osdi14/osdi14-paper-baumann.pdf [PDF] https://t.co/GiTKuQnfOV
"在不可信的云环境下执行应用,同时保证完整性和保密性。这篇 Paper 提出了一个原型实现 Haven : https://t.co/GiTKuQnfOV https://t.co/Ph69yd345O "
-
[ Others ] Confidentiality Issues on a GPU in a Virtualized Environment : http://s3.eurecom.fr/docs/fc14_maurice.pdf (pdf) cc: @ BloodyTangerine
"虚拟化环境中的 GPU 保密问题: (PDF) https://t.co/BnaqpEK0rG "
-
[ ReverseEngineering ] The ultimate collection of "How to Reverse Malware" -> Add your input https://www.peerlyst.com/blog-post/resource-learning-how-to-reverse-malware-a-guide?utm_source=Peerlyst%20Post%20Promo&utm_medium=social&utm_content=PeerlystPost&utm_campaign=Peerlyst%20Twitter1
"恶意软件逆向方面的一些资料收集,包括一些教程、工具和样本: https://t.co/zwkAPXQPJA"
-
[ Web Security ] Formal sec analysis of OAuth 2.0 http://arxiv.org/pdf/1601.01229v2.pdf [Dolev-Yao model of web infrast.; 2 unknown attacks found] https://t.co/ruNUs1NVdi
"OAuth 2.0 安全性综合性分析, Paper: https://t.co/7EOEdCQtYW https://t.co/ruNUs1NVdi"
-
[ Web Security ] Malicious Use of the HTML5 Vibrate API https://shkspr.mobi/blog/2014/01/malicious-use-of-the-html5-vibrate-api/
"HTML5 震动 API 的恶意使用: https://t.co/pw3m76BAii"
