腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] The Android Open Pwn Project (and You) - https://www.pwnieexpress.com/blog/android-open-pwn-project
"Android 的分支项目 AOPP(网络安全)开源了: https://t.co/NTrcv3cyTH GitHub Repo: https://github.com/aopp "
-
[ Android ] Yet another Android side channel: input stealing for fun and profit https://www.lightbluetouchpaper.org/2016/07/29/yet-another-android-side-channel/
" 根据手势推测 Android 键盘输入的文本: https://t.co/YBFfcRF9sG"
-
[ Backdoor ] Backdooring DLL’s Part 2 http://www.gironsec.com/blog/2016/07/backdooring-dlls-part-2/
" 如何修改 DLL,植入后门(Part 2): https://t.co/kyKvGtGrSd"
-
[ Hardware ] A curated list of resources for learning about vehicle security and car hacking - https://github.com/jaredmichaelsmith/awesome-vehicle-security
" awesome-vehicle-security - 汽车安全研究资料收集: https://t.co/UC57f0lKyP"
-
[ iOS ] [Intel Security] Active iOS Smishing Campaign Stealing Apple Credentials https://goo.gl/C014E1
" 一个专门偷 iOS Apple ID 的诈骗攻击,来自 McAfee Blog: https://t.co/oM0KRXhtwh"
-
[ macOS ] The Journey of a complete OSX privilege escalation with a single vulnerability - Part 1 http://keenlab.tencent.com/2016/07/29/The-Journey-of-a-complete-OSX-privilege-escalation-with-a-single-vulnerability-Part-1/
" 仅通过一个漏洞实现 OS X 完整提权,来自科恩实验室 Blog,作者为 Flanker: https://t.co/W4DAwPbclS "
-
[ Malware ] #Unit42 observes Afraidgate: major Exploit Kit campaign switches CryptXXX #ransomware back to #Locky http://bit.ly/2aCRFAV
" Afraidgate 攻击行动中开始用 Neutrino Exploit Kit 传播 Locky 勒索软件: https://t.co/wPRwJxk7nD "
-
[ Others ] Quicksand.io API python examples take command line options to upload or search https://github.com/tylabs/quicksand_tools
"Quicksand - Office 恶意文档分析框架: http://quicksand.io/ 文件提交和搜索工具: https://t.co/4gXjMqtUFv"
-
[ Others ] A Stack Memory Abstraction and Symbolic Analysis Framework for Executables https://www.cs.columbia.edu/~angelos/Papers/2016/stack.pdf
"栈内存抽象与符号化的分析框架,Paper: https://t.co/qLrOXucir4 "
-
[ Pentest ] Another blog post showing the impact of a cool SSRF I found a month ago. https://seanmelia.wordpress.com/2016/07/28/utilizing-ssrf-to-pivot-internal-networks/
" 通过 SSRF 摆渡进入内网: https://t.co/FXtlINIFTz"
-
[ SecurityProduct ] Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit (3) https://packetstormsecurity.com/files/138093/barracuda_webappfw_and_loadbal_postauth_remote_root_3.rb.txt
" Barracuda(梭子鱼) Web 应用防火墙负载均衡 Root Exploit(3): https://t.co/MjSnhS4ncA"
-
[ Tools ] Procfilter : A YARA-integrated process denial framework for Windows : https://github.com/godaddy/procfilter
"Procfilter - 一个基于 YARA 规则的 Windows 进程监控、阻断工具,可以自定义 YARA 规则︰ https://t.co/pjGUjhJ36C"
-
[ Web Security ] I found 120 bugs in 120 days within bug bounties and wrote a transparent blog post about it: https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/ #bugbounty
" 研究员 Shubham Shah 是如何在 120 天发现 120 个漏洞的︰ https://t.co/CVoJzJKoGG "
-
[ Web Security ] HSTS on http://www.google.com: https://security.googleblog.com/2016/07/bringing-hsts-to-wwwgooglecom.html
" www.google.com 站点启用 HSTS: https://t.co/HSZY2yhCOv"
-
[ Web Security ] QRLJacking — How to bypass QR Code Based Login System http://securityaffairs.co/wordpress/49800/hacking/qrljacking-attack.html
"QRLJacking — 绕过基于二维码的登录系统: https://t.co/uX1r7rtNce Github Repo: https://github.com/OWASP/QRLJacking/wiki "