腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] A Survey on Detection Techniques of Android Malware - http://www.ijcssca.co.in/Archive/Vol1/Issue2/V1I2%20(2).pdf
"Android 恶意软件检测技术调查, Paper: https://t.co/zQlybYTlTO"
-
[ Attack ] 64% of Angler #ExploitKit attacks blocked by #Symantec IPS in 2015 targeted #Windows7 http://symc.ly/1mQhYo7 https://t.co/kjKcxkatvU
"2015 年 Symantec IPS 阻断的 Angler Exploit Kit 攻击中,针对 Windows 7 的攻击占 64%: https://t.co/hPmorjWDmS https://t.co/kjKcxkatvU"
-
[ Defend ] Section 7.4 of the ".trust Technical Policy" is flawed & leverages XSS - affecting even @ NCCGroupplc's own services https://whodoyou.trust/globalassets/documents/dot-trust-technical-policy.pdf
"来自 NCC Group 的 '.trust Technical Policy' 白皮书, 这篇 Paper 介绍了 NCC Group 在网络安全加固方面总结的实践经验,涵盖的内容很广,包括网络、Web 应用、邮件、DNS 等: https://t.co/Z5FZI9yfS7"
-
[ Fuzzing ] Fuzzing automation with AFL and Jenkins : https://zubu.re/fuzzing-automation-afl-jenkins.html
"借助 Jenkins 和 Docker,搭建一个自动化的 AFL Fuzz 框架: https://t.co/nsVOb8z91U"
-
[ Hardware ] Good overview: Security Attacks Against the Availability of LTE Mobility Networks http://web2-clone.research.att.com/export/sites/att_labs/techdocs/TD_101153.pdf #shmoocon https://t.co/i7uAvdilXb
"针对 LTE 移动网络可用性的安全攻击,来自美国 AT&T 安全研究中心的 Paper: https://t.co/i7uAvdilXb https://t.co/gm022bDimF "
-
[ Mac OS X ] Sailor, a native and portable container system for NetBSD and Mac OS X https://github.com/NetBSDfr/sailor #Unix #Jails #Sysadmin #developer
"Sailor - 可移植的容器系统,目前支持 NetBSD 和 Mac OS X : https://t.co/lwE4I7547q "
-
[ Others ] Refund attacks on Bitcoin’s Payment Protocol : https://eprint.iacr.org/2016/024.pdf (pdf)
"针对比特币支付协议的退款攻击, Paper: https://t.co/magIZWE534"
-
[ Tools ] Dr. Memory: A Memory Checker Faster Than Valgrind : http://drmemory.org/
"Dr. Memory 是一个内存监控工具,用于识别内存相关的错误,如为初始化访问、Double Free、UAF、内存泄露等, Dr. Memory 基于 DynamoRIO,速度比 Valgrind 快: https://t.co/jLkMLAvQre"
-
[ Tools ] Handle_Disk - 一个磁盘分区恢复软件,能够实现从被损坏了分区表的磁盘镜像中恢复出可能的分区表。 https://github.com/purpleroc/hand_disk https://t.co/pUAK70SmoX
"Handle_Disk - 一个磁盘分区恢复软件,能够实现从被损坏了分区表的磁盘镜像中恢复出可能的分区表: https://t.co/XNVCfmOO8g https://t.co/pUAK70SmoX"
-
[ Web Security ] web2attack : Web hacking framework with tools,exploits by python : https://github.com/santatic/web2attack
"web2attack - Web Hacking 框架,内嵌了多个 Web 漏洞的 Exploits,该框架用 Python 语言编写: https://t.co/AnZT17kt0e"
-
[ Web Security ] The Web Never Forgets : Persistent Tracking Mechanisms in the Wild : https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf (pdf) cc: @ random_walker
"Web 网站忘不了你 - 3 种 Web 跟踪机制研究,包括 Canvas 指纹、evercookie 和 cookie syncing,来自比利时鲁汶大学的 Paper: https://t.co/d4FPfOpmQd "
-
[ Web Security ] Phishing attack against LastPass https://www.seancassidy.me/lostpass.html
"LostPass - 针对 LastPass 的钓鱼攻击 https://t.co/OhwA9O5FRF "
-
[ Windows ] My slides for the @ shmoocon #firetalk "Red Team Upgrades: Using SCCM for Malware Deployment" are up here: http://www.slideshare.net/enigma0x3/red-team-upgrades-using-sccm-for-malware-deployment-57117235
"滥用 SCCM(微软的系统中心配置管理器)部署恶意软件: https://t.co/dpWywEmB9Z"
