腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] Incident Report : Inadvertent Private Repository Disclosure ( GitHub ) : https://github.com/blog/2273-incident-report-inadvertent-private-repository-disclosure
" 10 月 20 号那天,GitHub 系统中的一个不小心的 Bug 使 156 个私有代码仓库的用户数据泄漏: https://t.co/MPnLf2eZnO"
-
[ Language ] Step-by-step tutorial to build a modern JavaScript stack from scratch : https://github.com/verekia/js-stack-from-scratch
" 从头开始一步步构建现代的 JavaScript 技术栈 - ES6, Babel, Gulp, ESLint, React, Redux, Webpack, Immutable, Mocha, Chai, Sinon, Flow︰ https://t.co/fP9iPse3Vq"
-
[ Linux ] MITM on sync+emerge = root almost any gentoo system http://bit.ly/2eJ0Sbx (http://bit.ly/2eRkBTZ)
" MITM on sync+emerge = root almost any gentoo system: https://t.co/SM7Dq6Evtg https://t.co/KeAB93WcvA"
-
[ Network ] LDAP as attack vector could power Terabit-Scale LDAP DDoS Attacks http://securityaffairs.co/wordpress/52841/cyber-crime/ldap-ddos.html
"LDAP 协议可以被用于发动大规模的 DDoS 攻击: https://t.co/o4vchha0PQ"
-
[ Network ] Multi-Tool Multi-User HTTP Proxy : https://www.swordshield.com/2016/10/multi-tool-multi-user-http-proxy/ cc @ Ne0nd0g https://t.co/sxnKZ4qjbN
"Nginx 搭建同时启用多个工具的 HTTP 代理环境,支持多个用户: https://t.co/7ccYLj5Xul "
-
[ Tools ] APT Search Engine https://cse.google.com/cse/publicurl?cx=003248445720253387346:turlh5vi4xc
"APT 组织以及攻击行动搜索引擎: https://t.co/QRoN8O0IIX"
-
[ Web Security ] Web application for detecting server-side request forgery : https://ssrfdetector.com/
" SSRF Detector︰ https://t.co/i9OGfw8TW3"
-
Xuanwu Spider via Seebug[ Web Security ] XSS dynamic detection using PhantomJs(利用 PhantomJs 动态检测 XSS): http://paper.seebug.org/93/?from=groupmessage&isappinstalled=0
-
Xuanwu Spider via 0xroot 的微博
[ WirelessSecurity ] Reversing LoRa. Exploring Next-Generation Wireless :https://static1.squarespace.com/static/54cecce7e4b054df1848b5f9/t/57489e6e07eaa0105215dc6c/1464376943218/Reversing-Lora-Knight.pdf