腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Just finished "Understanding Dalvik Static Fields part 2 of 2" - http://buff.ly/2bxJHs7 https://t.co/IFluXfrqnp
" 理解 Dalvik 的类静态字段 Part 2: https://t.co/h5igBX0vcJ "
-
[ Android ] http://www.slideshare.net/ZongShenShen/probedroid-crafting-your-own-dynamic-instrument-tool-on-android-for-app-behavior-exploration The design memo and hack note about ProbeDroid instrument toy
" ProbeDroid - 构建自己的 Android 动态插桩工具: http://www.slideshare.net/ZongShenShen/probedroid-crafting-your-own-dynamic-instrument-tool-on-android-for-app-behavior-exploration "
-
[ Challenges ] Rex, our automatic exploitation engine from @ mike_pizza and salls, made @ MechanicalPhish #1 in exploitation! https://github.com/shellphish/rex
" Rex - Shellphish 团队公开了用于参加 CGC 机器人 CTF 比赛的自动化漏洞利用工具: https://t.co/R52vIqch5n 还公开了一个称为 Driller 的符号执行工具: https://github.com/shellphish/driller "
-
[ Exploit ] ARM Exploitation: Return Oriented Programming on ARM (on Linux) https://docs.google.com/viewer?url=dl.dropbox.com%2Fu%2F2595211%2FROP_ARMEXP.pdf (125 page free deck) https://t.co/7gVszwWqAT
" ROP on ARM: https://t.co/6VSahgGSR4 "
-
[ Fuzzing ] Fuzzing Perl: A Tale of Two American Fuzzy Lops http://www.geeknik.net/71nvhf1fp #infosec #fuzzing
" 用 AFL Fuzz Perl 的小故事: https://t.co/2EmVlLtNF7 "
-
[ Linux ] Rover - Proof of Concept code for CVE-2016-5696 https://github.com/violentshell/rover
" Linux Off-Path TCP 流量劫持漏洞(CVE-2016-5696)的 PoC 代码: https://t.co/oEZjvNw7Mu"
-
[ Tools ] ME Analyzer is now on GitHub and licensed under GPLv3. Thanks to plutomaniac for it and for it's ME binaries DB. https://github.com/platomav/MEAnalyzer
" ME Analyzer - Intel 的引擎固件分析工具: https://t.co/Bflyyryxff"
-
[ Web Security ] RCE: Race to Code Execution - Finally wrote up details of the Drupal Coder RCE I found! http://blog.nickbloor.co.uk/2016/08/drupal-coder-module-unauthenticated.html CC @ mdisec
" Drupal Coder 模块一个未授权用户的 RCE 漏洞: https://t.co/uDianEigXV "
