腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Crypto ] 90 Percent of All SSL VPNs Use Insecure or Outdated Encryption http://news.softpedia.com/news/90-percent-of-all-ssl-vpn-use-insecure-or-outdated-encryption-501038.shtml
"据 SoftPedia 报道:90% 的 SSL VPN 在使用不安全的或过时的加密: https://t.co/RBWjcwtHwb"
-
[ Defend ] The Intel SGX Memory Encryption Engine: http://intel.ly/1Qjs24H #IntelSoftware
"Intel SGX 内存加密引擎(含 PPT 和 Paper): https://t.co/fKumhLx7mf "
-
[ Hardware ] Intel CPU bugs http://danluu.com/cpu-bugs/
"2015 年我们看到了一些 Intel CPU 的 Bugs, 将来我们会看到更多: https://t.co/3SG7qLFQNg"
-
[ Mac OS X ] HackingTeam using native OS X crypto to protect malware -neat! New blog w/ sample + decryptions/dumpings/detections: https://objective-see.com/blog/blog_0x0D.html
"HackingTeam RCS 利用 OS X 加密组件加密恶意软件, 来自 Objective-See Blog : https://t.co/3wWWlV81fk"
-
[ Others ] My @ bsidessf "Exploit Development Training & Competition" materials are up https://samsclass.info/#EVENTS
"Bsides SF 2016 会议 Linux 缓冲区漏洞利用开发培训资料: https://t.co/Y26WXFzaL4"
-
[ Others ] QEMU unpriv account to host kernel ring0, exploitable in AMD based cpu systems https://lkml.org/lkml/2016/2/26/876
"Robert Święcki 发现,AMD 系列 CPU 在处理 0x6000832 ucode 时存在 Bug,可以导致 QEMU Guest 向 Host Ring0 的逃逸, 来自 邮件列表: https://t.co/rHdwfiiPtR"
-
[ Pentest ] JavaScript Phishing http://en.wooyun.io/2016/02/04/42.html
"JavaScript 钓鱼 - JavaScript 后门在渗透测试中的应用, 来自 Wooyun Drops, 中文版: http://drops.wooyun.org/tips/12386 "
-
[ Popular Software ] Security assessment of Oracle's eBusiness suite with PoCs for the more interesting web SQL injection issues http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
"Oracle 电子商务套件 11i 版本 SQL 注入漏洞报告(2015 年 11 月): https://t.co/jhdpBjCn0T"
-
[ ThirdParty ] Writeup for my Jenkins pre-authentication RCE (CVE-2016-0792), which attacks XStream: https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream
"Jenkins 反序列化库 XStream RCE (CVE-2016-0792), 来自 Contrast Security Blog: https://t.co/mCapYcxYBM"
-
[ Tools ] New Post: Veil Framework – Antivirus Evasion Framework http://ift.tt/1R7P2Qs https://t.co/csKAOdL3Mc
"Veil 框架 - 防病毒软件逃逸框架: https://t.co/EypzJR1pJH https://t.co/csKAOdL3Mc"
