Tencent Xuanwu Lab Security Daily News
-
[ Attack ] Over 25 million accounts stolen after Mail.ru forums hacked http://www.zdnet.com/article/over-25-million-accounts-stolen-after-mail-ru-forums-raided-by-hackers/#ftag=RSSbaffb68
"Mail.ru forums hacked, account information for more than 25 million accounts stolen: https://t.co/EE4aZnhn64"
-
[ Challenges ] Pwntools is a CTF framework and exploit development library. Written in Python, https://pwntools.readthedocs.io/en/stable/
"Pwntools - a helper tool library for solving CTF challenges: https://t.co/nrwiosqA1h"
-
[ Crypto ] New collision attacks against #3DES, #Blowfish allow for cookie decryption - http://ow.ly/IkXT303xm0l https://t.co/iMHIsuAD8v
"Collision attacks against 3DES and Blowfish can be used to decrypt cookies: https://t.co/2wVw3U9FjX Paper: https://sweet32.info/SWEET32_CCS16.pdf"
-
[ Exploit ] Cross-arch shellcode compiler https://github.com/ixty/xarch_shellcode by @ _ixty_ https://t.co/CVup50lnEb
"xarch_shellcode - a cross-platform shellcode compiler: https://t.co/VmAzcW8fdN"
-
[ Linux ] mountain_goat.c PoC of CVE-2016-5696 Off-Path TCP Exploits https://github.com/Gnoxter/mountain_goat #Linux #TCP #MITM
"PoC code for the Linux off-path TCP traffic hijacking vulnerability (CVE-2016-5696). One was pushed the day before yesterday, and today another researcher has published code: https://t.co/U5eDHYxXgv"
-
[ macOS ] new blog: "Click File, App Opens (reversing os x's launch services, to understand 'document handlers')" https://objective-see.com/blog/blog_0x12.html #osxmalware
"Click File, App Opens: Objective-See's analysis of a piece of OS X malware: https://t.co/rgHDlLdcmv"
-
[ Malware ] Discovered the first Twitter-controlled #Android #botnet downloading banking malware! http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/ https://t.co/tvi1hfk2b0
"The first Twitter-based Android botnet: https://t.co/o780AaZMXS https://t.co/tvi1hfk2b0"
-
[ NetworkDevice ] A leaked #ShadowBrokers attack has been upgraded to target current versions of Cisco ASA - http://ow.ly/QwFS303ycv3 #EquationGroup
"The Cisco ASA firewall exploit leaked by ShadowBrokers can be upgraded to attack current versions: https://t.co/p5Y5rbSl7H"
-
[ Others ] student project "Malware Inside Intel SGX Enclaves", haven't read it yet don't know how good it is http://www.delaat.net/rp/2015-2016/p89/report.pdf
"Malware Inside Intel SGX Enclaves, Paper: https://t.co/rUPVbyQHjT"
-
[ Others ] Slides are now in Slideshare too for referencing purposes: http://www.slideshare.net/SoroushDalili/flash-it-baby-finding-vulnerabilities-in-swf-files-v20-65165645/
"Finding vulnerabilities in Flash files, a talk from an NCC Group researcher: https://t.co/KL8KxUGGef"
-
[ Others ] On Matching Binary To Source Code http://users.encs.concordia.ca/~mmannan/student-resources/Thesis-MASc-Shahkar-2016.pdf
"Techniques for matching binaries to source code, Paper: https://t.co/IbYQERht1a"
-
[ Protocol ] Awesome to see solid further research into HTTP host header attacks! https://hostoftroubles.com/ Time to investigate burp scanner integration :)
"Host of Troubles - a summary of a class of vulnerabilities in HTTP protocol implementations: https://t.co/5Bffr8fsPl"
-
[ Tools ] IDA 6.95 iOS debugger tutorial added: https://www.hex-rays.com/products/ida/support/tutorials/debugging.shtml
"The IDA Pro website's documentation library has added a tutorial on using the IDA 6.95 iOS debugger: https://t.co/6qZ19VDbwK"
-
[ Tools ] Relative-Pattern is a tool experimenting with a formal method to recover CFG for code virtualization obfuscated binaries - https://github.com/mmyydd/relative-pattern
"Relative-Pattern - a tool for recovering the CFG (control flow graph) from obfuscated code: https://t.co/pdMOx8Elks"
-
[ Virtualization ] VMware reveals vulns http://www.theregister.co.uk/2016/08/24/vmware_reveals_vulns/
"VMware has just fixed an 'Important'-severity vulnerability: https://t.co/wyISr6yXxd"
-
[ Windows ] Wish WMI was on Linux? Microsoft just published the open source implementation, OMI to GitHub: https://github.com/Microsoft/omi
"Microsoft has open-sourced OMI - the implementation of WMI on Linux: https://t.co/uB12GWsmRp"