腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

Lydia K., PhD @LKCyber

[ Attack ] The #Phishing Breakthrough Point @ KnowBe4 phishing experiment http://cdn2.hubspot.net/hubfs/241394/Phishing-Breakthrough-Point.pdf #awareness #training #infosec https://t.co/Kxq4vdpFyi

"网络钓鱼测试能否有效的降低钓鱼带来威胁吗，来自 KnowBe4 的报告： https://t.co/2QpPy1rZku https://t.co/Kxq4vdpFyi"
Ben Hawkes @benhawkes

[ Browser ] Project Zero guest blog post: "Racing MIDI messages in Chrome" by Oliver Chang (Chrome Security team) - https://goo.gl/6XkAME

"Chrome 浏览器 MIDI 消息条件竞争触发的 UAF 漏洞，普通漏洞的利用大多是先获得 Render 进程的任意代码执行，然后通过 IPC 消息再次触发 Browser 进程的另一个漏洞，最终获得 Browser 进程的任意代码执行。而这个漏洞的特殊性在于它可以直接通过 JavaScript API 触发并利用，直接逃逸沙箱。来自 Project Zero Blog： https://t.co/2uEC8NNMo1"
Binni Shah @binitamshah

[ ReverseEngineering ] Introduction to video reverse engineering : https://fosdem.org/2016/schedule/event/video_reverse_eng/attachments/slides/1129/export/events/attachments/video_reverse_eng/slides/1129/17_vittorio.pdf (Slides)

"视频逆向技术介绍， PDF: https://t.co/aL4xVvIeUG "