腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Very powerful and usable Android IPC firewall by @ Davidwuuuuuuuu presented at @ SummerC0n https://github.com/dxwu/AndroidBinder, also does GPS spoofing.
" AndroidBinder - Android 内核 IPC 防火墙: https://t.co/tRRz756yEY "
-
[ Attack ] Ubuntu Forums hack exposes 2 million users, hacker takes users, pwd, salt (no Tequila) http://zd.net/29Z9Opw #cyber #hacker #security
"Ubuntu 论坛上周四被黑,200 万用户密码信息被窃取: https://t.co/auZAvmqZ8s "
-
[ Debug ] Working MEX WinDbg extension download link https://www.microsoft.com/en-us/download/details.aspx?id=53304 http://fb.me/1eoJU3ZpA
" WinDbg 调试器托管代码(Managed-code)调试扩展 MEX 可以下载了: https://t.co/210AhR9gtR 微软 Blog: https://blogs.technet.microsoft.com/yongrhee/2016/07/15/the-managed-code-debugging-extension-mex-is-now-publicly-available-for-download/ "
-
[ macOS ] @ SummerC0n Up next!!! Slide deck tool research etc... https://github.com/blankwall/MacHeap
" MacHeap - Mac OS X 内存分配插桩工具: https://t.co/W2P0I6ppZd"
-
[ Malware ] I'll post daily phishing links here instead. http://www.vxsecurity.sg/daily-phishing-sites/ #phishing
" 每日钓鱼站点追踪: https://t.co/Cyns9Md9On"
-
[ Malware ] Neutrino EK picks up momentum in recent attacks https://blog.malwarebytes.com/cybercrime/2016/07/neutrino-ek-picks-up-momentum-in-recent-attacks/ https://t.co/8ENvG3KRM1
" Neutrino EK 最近修改了着陆页(Landing Page)的源码,并且集成了一个新的 IE 脚本引擎 CVE-2016-0189 Exploit: https://t.co/3ojcwUDWeM ; http://securityaffairs.co/wordpress/49383/cyber-crime/neutrino-ek-ie-flaw.html https://www.fireeye.com/blog/threat-research/2016/07/exploit_kits_quickly.html "
-
[ NetworkDevice ] Juniper Crypto Bug Let Attackers Eavesdrop on Router, Switch Traffic https://threatpost.com/juniper-crypto-bug-lets-attackers-eavesdrop-on-router-switch-traffic/119319/
" Juniper 上周修复了一个加密方面的漏洞,成功利用该漏洞,黑客可以以中间人方式窃听路由器和交换机的加密流量,来自 ThreatPost 的报道: https://t.co/YvWBq5OuVq"
-
[ OpenSourceProject ] Basic internals of malloc https://sourceware.org/glibc/wiki/MallocInternals
" Glibc 库内存分配的细节: https://t.co/REJ6qPQRq5"
-
[ OpenSourceProject ] 7-Zip fuzzing https://blog.fuzzing-project.org/49-Multiple-issues-in-p7zip.html one wonders if the appliance vendors ever test the code they integrate
" 安全研究员用 AFL Fuzz p7zip 压缩工具的成果: https://t.co/jDwqKOwHfb "
-
[ Others ] New blog post: Gotta Catch ‘Em All! – WORLDWIDE! (or how to spoof GPS to cheat at Pokémon GO) https://www.insinuator.net/2016/07/gotta-catch-em-all-worldwide-or-how-to-spoof-gps-to-cheat-at-pokemon-go/
" 如何通过欺骗 GPS 的方式在 Pokémon GO 游戏中作弊: https://t.co/vf1PWzczPN"
-
[ Others ] How I Could Steal Money from Instagram, Google and Microsoft https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/
" 我是如何从 Instagram、Google、微软偷钱的: https://t.co/bNBwgBlcA1 作者的方法是滥用这几个公司提供的语言电话验证服务,拨打高价的付费电话"
-
[ Pentest ] [BLOG] PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server https://blog.netspi.com/powerupsql-powershell-toolkit-attacking-sql-server/ - I hope you like it as much as we do. Have fun! :)
" PowerUpSQL - 专门用于攻击 SQL Server 的 PowerShell 工具套件: https://blog.netspi.com/powerupsql-powershell-toolkit-attacking-sql-server/ "
-
[ Tools ] An intel 64 symbolic emulator - https://github.com/feliam/pysymemu
" PySymEmu - 支持 Intel x86/x64 的符号执行工具: https://t.co/uIBclTeeU2"
-
[ Tools ] ANZ Bank's security incident response tool open sourced http://bit.ly/29Kwxch (http://bit.ly/29KwcGw)
" ANZ(澳新)银行开源了自己的安全应急响应工具 nightHawk: https://t.co/xidBq3Lp8Y GitHub Repo: https://github.com/biggiesmallsAG/nightHawkResponse "