腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] "Detecting Pirated and Malicious Android Apps with APKiD" https://rednaga.github.io/2016/07/31/detecting_pirated_and_malicious_android_apps_with_apkid/ cc @ timstrazz || @ caleb_fenton https://t.co/tExjwqeBYh
" 用 APKiD 检测恶意/盗版 Android 应用程序: https://t.co/8DvB7F5ylW "
-
[ Android ] Reverse engineering and removing Pokémon GO’s certificate pinning https://eaton-works.com/2016/07/31/reverse-engineering-and-removing-pokemon-gos-certificate-pinning/
" 逆向以及移除 Pokémon GO 客户端的严格证书检查(Certificate Pinning): https://t.co/qhycDyXtTM"
-
[ Backdoor ] Backdooring DLL’s Part 3 http://www.gironsec.com/blog/2016/07/backdooring-dlls-part-3/
" 如何修改 DLL,植入后门 Part 3: https://t.co/LeAw0pzMQZ"
-
[ macOS ] Helpful article on debugging system calls on OSX: http://bryce.is/writing/code/macosx/debugging/udp/sockets/dtruss/dtrace/eaddrinuse/2016/07/30/debugging-using-system-calls.html
" 在 OS X,利用 dtruss 和 DTrace 工具,监控应用的系统调用︰ https://t.co/34DWVY2jqD"
-
[ OpenSourceProject ] Fun with Bignums: Crashing MatrixSSL and more https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
" Fuzzing Project 对 MatrixSSL 库的 Fuzz 结果: https://t.co/PPkgTdMbtn"
-
[ Others ] Fake FreeDNS Used to Redirect Traffic to Malicious Sites : https://blog.sucuri.net/2016/07/fake-freedns-used-to-redirect-traffic-to-malicious-sites.html
"FreeDNS 被用于重定向用户流量到恶意站点︰ https://t.co/E2Yi3vVymx"
-
[ Others ] Defense in depth -- the Microsoft way (part 41): vulnerable by(poor implementation of bad) design - http://seclists.org/fulldisclosure/2016/Jul/63 #EoP
" Windows Update 会以 SYSTEM 权限调用 DISM.exe,而 DISM.exe 会尝试加载 PEProvider.dll,此处可以被利用实现提权,来自 FullDisclosure 的公告: https://t.co/kZgpXSxEDb "
-
[ Web Security ] Multiple vulnerabilities in All In One WP Security & Firewall plugin login… http://goo.gl/fb/qEUmLp #FullDisclosure
" WordPress 防火墙插件验证码登录存在多个漏洞,来自 FullDisclosure 公告: https://t.co/Q1kuO15K9T "
