腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Android Reverse Engineering Tools https://hackerlists.com/android-reverse-engineering-tools/
" 25 个常用的 Android 逆向工具: https://t.co/s3iKg1k6X4"
-
[ Challenges ] DEF CON CTF is almost over! Releasing our tools: qemu+cgc https://github.com/leetchicken/qemu-cgc/; afl+cgc https://github.com/leetchicken/afl #defcon #afl #qemu #cgc
"DEF CON CTF CGC(机器人团队)的工具, QEMU+CGC: https://t.co/BkBXUGlTY9 AFL+CGC: https://t.co/au8fPrQ2GB "
-
[ Debug ] Explanation of how debuggers/tracers work and how to make one on your own http://researchcomplete.blogspot.com/2016/08/on-subject-of-debuggers-and-tracers_5.html
" Linux 调试器是如何工作的,以及如何写一个自己的调试器(基于 ptrace): https://t.co/XjkyqSXdvA "
-
[ iOS ] #iOS binary pack (64) updated: latest jtool, procexp, and important fix for login to allow shell from terminal apps http://newosxbook.com/tools/iOSBinaries.html
" iOS/OS X 系统一些非常好用的二进制命令行工具: https://t.co/z1wpIXnhYo "
-
[ Others ] Now with code https://github.com/ufrisk/pcileech/blob/master/readme.md DMA attacks via PCIe using a PLX USB3380 aka SLOTSCREAMER. Leet work. https://twitter.com/ulffrisk/status/759040404662652928
" PCILeech - 利用 USB3380 芯片直接读写目标系统的内存: https://github.com/ufrisk/pcileech "
-
[ Others ] A new funny Java Deserialization Gadget in Apache Wicket https://remoteawesomethoughts.blogspot.fr/2016/08/apache-wicket-6230-deserialization.html
" Apache Wicket 库 6.23.0 版本的 DiskFileItem 类存在一个 Java 反序列化漏洞: https://t.co/r0pk6Sxmfi "
-
[ Tools ] Awesome tool to enable and disable the proxy in burp very fast. https://github.com/melvinsh/BurpToggle
" BurpToggle - OS X 系统快速启用/禁用 Burp 代理的工具: https://t.co/8EvsAgbyQL"
-
[ Web Security ] Blind OOB XXE At UBER 26+ Domains Hacked. http://nerdint.blogspot.co.uk/2016/08/blind-oob-xxe-at-uber-26-domains-hacked.html
" Uber 网站的一个 XXE 漏洞: https://t.co/BvPwQkdv50"