腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Bug Bounty ] Reviewing bug bounties - a hacker's perspective http://www.skeletonscribe.net/2016/08/reviewing-bug-bounties-hackers.html
" 从黑客的角度看各大 Bug Bounty: https://t.co/Ty3rdBzHts"
-
[ Crypto ] The most astonishing #sec16 paper: Investigating the Origins of RSA Public Keys. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/svenda
" RSA 公钥的起源调查,Paper: https://t.co/Va2R0Z9HDO"
-
[ IoTDevice ] Rooting a Samsung IP camera with a series of small vulnerabilities https://www.pentestpartners.com/blog/samsungs-smart-camera-a-tale-of-iot-network-security/
" 利用一些小漏洞 Root 三星网络摄像头: https://t.co/5t1QdUFymP"
-
[ Malware ] Attack requires malware to manipulate HDD actuator arm. https://threatpost.com/academics-devise-new-way-to-steal-data-from-air-gapped-computers/119858/
" 以色列本·古里安大学的研究员提出了一种隐蔽数据窃取的方法,通过控制硬盘的噪声从物理隔离网络传输数据: https://t.co/5OCW3QHvEu Paper: https://arxiv.org/ftp/arxiv/papers/1608/1608.03431.pdf "
-
[ Malware ] Decrypting Chimera ransomware https://blog.malwarebytes.com/cybercrime/2016/08/decrypting-chimera-ransomware/
" MalwareBytes 对 Chimera 勒索软件的分析: https://t.co/QsWWkqBgAb"
-
[ Others ] Concolic Execution and Code Coverage with Triton http://trust-research.herokuapp.com/concolic_execution_code_coverage_triton/
" 基于二进制分析框架 Triton 的符号执行和代码覆盖分析: https://t.co/v2FVBiWxW3 "
-
[ Popular Software ] Somebody dumped on pastebin 10 vulns for Teamspeak3, claims some are RCE: http://pastebin.com/raw/MGsWnTd0
" 有黑客在 Pastebin 公开了语言通讯软件 Teamspeak3 的 3 个 RCE 漏洞: https://t.co/S7amxVbHgY"
-
[ Web Security ] Instagram Stored OAuth XSS - http://www.paulosyibelo.com/2016/08/instagram-stored-oauth-xss.html #bugbounty
"Instagram OAuth 认证 API 存储型 XSS: https://t.co/7h27KcdRpB "
-
[ Windows ] Run #PowerShell with DLLs only: https://github.com/p3nt4/PowerShdll #infosec #Malware
" 通过 rundll32 运行 PowerShell 代码: https://t.co/3srgkpLrcf "