腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Hack any Android Phone using Spade APK Backdoor http://www.hackingarticles.in/hack-android-phone-using-spade-apk-backdoor/
"Spade APK -- 可用于 hack 安卓手机: http://www.hackingarticles.in/hack-android-phone-using-spade-apk-backdoor/"
-
[ Debug ] DontBug, a reverse-execution PHP debugger based on rr and Xdebug. https://github.com/sidkshatriya/dontbug Some neat tricks!
" Dontbug Debugger - 一款反序(时间穿越) PHP 调试器: https://t.co/6KvRQlpDFp "
-
[ Hardware ] 50,000,000,000 Instructions Per Second : Design and Implementation of a 256-Core BrainFuck Computer : http://people.csail.mit.edu/wjun/papers/sigtbd16.pdf (pdf)
" 256 核 BrainFuck 超级计算机的设计与实现,每秒执行 500 亿条指令︰ https://t.co/mY4eMPJPve "
-
[ iOS ] Introspy-iOS working on iOS 9.3.3 https://github.com/integrity-sa/Introspy-iOS/releases @ iSECPartners, @ NCCGroupInfosec
"Introspy-iOS - 用于辅助了解 iOS 运行时状态的工具: https://t.co/0E9hi3CftW "
-
[ Malware ] Mirai IoT DDoS Trojan Now Targets Cellular Network Equipment, Sierra Wireless warns customers ~ http://news.softpedia.com/news/mirai-iot-ddos-trojan-now-targets-cellular-network-equipment-509310.shtml?utm_content=bufferfe167&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer via @ campuscodi
"木马 Mirai 将目标锁定为蜂窝网设备: http://news.softpedia.com/news/mirai-iot-ddos-trojan-now-targets-cellular-network-equipment-509310.shtml "
-
[ Obfuscation ] Deobfuscating a Malicious PHP Downloader: http://www.kahusecurity.com/?p=13577
" 一段恶意的 PHP Downloader 恶意代码的反混淆过程︰ https://t.co/ZTg7mMGmoc"
-
[ Others ] ssh-audit : SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) : https://github.com/arthepsy/ssh-audit
"SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc): https://github.com/arthepsy/ssh-audit"
-
[ Popular Software ] How Signal Protocol Works : http://www.alexkyte.me/2016/10/how-textsecure-protocol-signal-whatsapp.html ; How secure is TextSecure : https://eprint.iacr.org/2014/904.pdf (pdf)
"Textsecure 协议是如何工作的: http://www.alexkyte.me/2016/10/how-textsecure-protocol-signal-whatsapp.html ; 关于 Textsecure 协议的安全性paper: https://eprint.iacr.org/2014/904.pdf"
-
[ ReverseEngineering ] Rewrote my Windows driver IDA plugin, some super hacky bits but more functionality and cleaner code ^^… https://t.co/m3EcB0Jxjp
"作者写了一个 IDA Pro 的插件,用于辅助逆向 Windows 驱动及其 IOCTL: https://github.com/sam-b/win_driver_plugin "
-
[ Tools ] ruler : A tool to abuse Exchange services : https://github.com/sensepost/ruler
" ruler - 滥用 Exchange 服务的渗透工具︰ https://t.co/qStSFqWBwW"
-
[ Tools ] I wrote two #PowerShell v3 functions to parse and recover binary Device Guard Code Integrity policies: https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e
" 作者用 PowerShell 写了一个工具,用于解析和还原二进制 'Device Guard Code Intergrity' 的策略: https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e"
-
Xuanwu Spider via 网路冷眼 的微博[ Debug ] GDB 调试方面的几个小建议: https://metricpanda.com/tips-for-productive-debugging-with-gdb
-
Xuanwu Spider via 乌云 Drops
[ Language ] PostScript语言安全研究(一)ImageMagick新漏洞分析: http://drops.wiki/index.php/2016/10/15/postscript/
-
Xuanwu Spider via 安全客
[ Android ] CVE-2016-3918:电子邮件信息泄露漏洞分析: http://bobao.360.cn/learning/detail/3107.html
-
Xuanwu Spider via SecWiki
[ Hardware ] 【Electronic Warfare Payloads of UAVs】无人机电子战载荷的新发展: http://mp.weixin.qq.com/s?__biz=MzAwMDE3MzgxMQ==&mid=2654113135&idx=1&sn=ca97f2f7a1266217308650abac3ce48d&chksm=812adef3b65d57e5dc69ccade33475fccf45ecc3c20ba44a8d8ffaefd3b263203d98a4c3190c&mpshare=1&scene=1&srcid=1016YGQhMu5mAYVzrC4OnUnv#rd