Tencent Xuanwu Lab Security Daily News
-
[ Backdoor ] Good writing indicators of MrBlack & AES.DDoS #Linux #malware, ty for the mention and links. http://www.cnblogs.com/LittleHann/p/5205026.html http://www.cnblogs.com/LittleHann/p/5207601.html
"Analysis of two backdoor samples on the Linux platform, from cnblogs in China, by LittleHann: https://t.co/3w5w1RBXX8 https://t.co/3CAPnJRMo7"
-
[ Browser ] Vulnerabilities in Mobile Safari http://goo.gl/fb/4PSAlz #FullDisclosure
"Multiple DoS PoCs for the mobile version of the Safari browser, from a FullDisclosure advisory: https://t.co/LAV6kf9IrY "
-
[ Browser ] ES7 Async functions have just been enabled by default in Chakra \o/ https://github.com/Microsoft/ChakraCore/commit/c6f496186226ff0d4194bd3278e3aca5b2321ff9
"The Chakra engine will enable support for ES7 async functions by default, GitHub commit log: https://t.co/DTWgWesg47"
-
[ Crypto ] RSAC2016Presentation: The State of Modern Password Cracking. http://ow.ly/Z3tX4
"RSA 2016 conference talk: The State of Modern Password Cracking: https://t.co/d5fI2N4Wgj"
-
[ Debug ] Does anyone know whether you can peek inside SGX containers using Intel's JTAG debugger? https://software.intel.com/sites/default/files/managed/d6/39/10-jtag-debugger-2014.pdf
"Does anyone know whether the Intel JTAG debugger can be used to look inside SGX containers? Using the Intel JTAG debugger (slides): https://t.co/jVKK2FHIZx"
-
[ Defend ] My #RSAC presentation on emulating attackers to be more effective defenders, titled Intelligent Application Security http://www.rsaconference.com/writable/presentations/file_upload/asd-w02-intelligent-application-security-rsa.pdf
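"In the past we have assessed security through penetration testing, but penetration tests differ from real attacks in many ways; the solution is to think like an attacker. Slides from RSA 2016: https://t.co/abE5UOfd1n"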
-
[ Defend ] RSA2016: Securing the "Weakest Link" http://ow.ly/Z3u6P
"RSA 2016 conference talk: Securing the 'Weakest Link': https://t.co/ZMY06bNgwm"
-
[ Hardware ] ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels : https://www.cs.tau.ac.il/~tromer/mobilesc/mobilesc.pdf (pdf)
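"Recovering ECDSA (Elliptic Curve Digital Signature Algorithm) key information from mobile devices by non-intrusive means (electromagnetic and power side-channel analysis), paper: https://t.co/J2cZTQhkhP "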
-
[ IoTDevice ] [PDF] Security Analysis of Wearable Fitness Devices (Fitbit) https://goo.gl/yryaaF
"Security analysis report on the Fitbit Flex wearable device (PDF): https://t.co/eG94jrPwL8"
-
[ Linux ] 80 Linux Monitoring Tools for SysAdmins https://blog.serverdensity.com/80-linux-monitoring-tools-know/
"80 monitoring tools for Linux systems: https://t.co/PJooJOVqRU"
-
[ Others ] The slides for our #javadeser talk at #RSAC are now online, enjoy! https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf /cc @cschneider4711
"Serial Killer and Java deserialization (Java deserialization vulnerability attacks), a talk from the RSA 2016 conference: https://t.co/ynOXZvuhbd "
-
[ Pentest ] Domain Hack——Security Support Provider http://en.wooyun.io/2016/02/29/43.html
"Domain penetration - Security Support Provider, from Wooyun Drops: http://drops.wooyun.org/tips/12518 "
-
[ SecurityProduct ] ESET NOD32 Heap Overflow https://packetstormsecurity.com/files/136082/GS20160304010751.tgz
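"ESET NOD32 has a heap overflow vulnerability when unpacking EPOC (Symbian) installation files; this vulnerability was discovered by Project Zero's Tavis in June 2015 and has been fixed: https://t.co/Ut9KSFth8j"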
-
[ SecurityProduct ] Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability http://goo.gl/fb/DHaR1D #FullDisclosure
"The Panda SM (system management) iOS client does not verify the validity of SSL certificates when connecting to HTTPS sites, from a FullDisclosure advisory: https://t.co/aE0VB5ofmS "
-
[ SecurityProduct ] McAfee VirusScan Enterprise security restrictions bypass http://goo.gl/fb/IGo4OP #FullDisclosure
"Bypass of the administrator user restriction feature in McAfee VirusScan Enterprise, from a FullDisclosure advisory: https://t.co/SgAUbt4SLI "
-
[ ThirdParty ] RSAC2016Presentation: OpenSSL after HeartBleed. http://ow.ly/Z3uF0
"RSA 2016 conference talk: OpenSSL after HeartBleed: https://t.co/8SFkMv6kAo"
-
[ Web Security ] RSAC2016Presentation: DON'T Use Two-Factor Authentication...Unless You Need It! http://ow.ly/Z3zik
"RSA 2016 conference talk: Don't use two-factor authentication unless you really need it: https://t.co/EqZiTBFbA4"
-
[ Windows ] [BLOG] Everything You Always Wanted to Know About Windows Filtering Platform (firewall): http://blog.quarkslab.com/windows-filtering-platform-persistent-state-under-the-hood.html
"A detailed explanation of WFP (Windows Filtering Platform), which sits behind the Windows firewall, from the QuarksLab Blog: https://t.co/pOjJ3V19Fh"