腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] [CVE-2016-6716] Elevation of privilege vulnerability in Android Launcher [RU] http://blog.blackfan.ru/2016/11/android-launcher-vuln.html
" Android Launcher 的一个提权漏洞(CVE-2016-6716): https://t.co/N12Hm6VsyS"
-
[ Android ] Android Security Bulletin CVE-2016-6699 Remote code execution vulnerability in Mediaserver https://source.android.com/security/bulletin/2016-11-01.html again...
"Android 发布 11 月份安全公告: https://source.android.com/security/bulletin/2016-11-01.html"
-
[ Hardware ] Intel(R) HD Graphics 10 - Unquoted Path Privilege Escalation https://goo.gl/fb/2nRlS1 #FullDisclosure
"Intel(R) HD Graphics 10 -- 未用引号包裹路径导致的提权漏洞: https://t.co/LJbwPRrAR9 "
-
[ iOS ] iOS 10.1.x Remote memory corruption through certificate file https://cxsecurity.com/issue/WLB-2016110046
"iOS 10.1.x Remote memory corruption through certificate file: https://t.co/6t8n7mlxbr"
-
[ Others ] Use-After-Use-After-Free Exploit UAF by Genrating Your Own : https://www.blackhat.com/docs/eu-16/materials/eu-16-Wen-Use-After-Use-After-Free-Exploit-UAF-By-Generating-Your-Own.pdf (Slides)
"Use-After-Use-After-Free Exploit UAF by Genrating Your Own,来自 BlackHat EU 2016 的议题(Slides) : https://t.co/WTF4Iycl0x ;"
-
[ Others ] Exploiting DRAM Addressing for Cross-CPU Attacks: https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_pessl.pdf ;Exploiting DRAM Buffers for Fun & Profit https://www.blackhat.com/docs/eu-16/materials/eu-16-Schwarz-How-Your-DRAM-Becomes-A-Security-Problem-wp.pdf
"利用 DRAM 寻址实现跨 CPU 攻击︰ https://t.co/Wl6cwg0nMm 攻击 DRAM Buffers: https://t.co/O6jOLNGxZT"
-
[ Others ] AVRop VM: A ROP based M/o/Vfuscator VM on a Harvard device : https://labs.mwrinfosecurity.com/blog/avrop/ https://t.co/CofmPBwkRj
"AVRop VM: A ROP based M/o/Vfuscator VM on a Harvard device ︰ https://t.co/iusxpPBHS5 https://t.co/CofmPBwkRj"
-
[ Others ] Toward Understanding Compiler Bugs in GCC and LLVM http://vuminhle.com/pdf/issta16.pdf
"Toward Understanding Compiler Bugs in GCC and LLVM(paper): https://t.co/vW2gHotBoy "
-
[ Others ] Evasive JScript http://labs.lastline.com/evasive-jscript
"JScript 免杀: https://t.co/XDxWgwspDo"
-
[ Others ] malware tracker blog: QuickSand += structhash http://blog.malwaretracker.com/2016/11/quicksand-structhash.html?spref=tw
"恶意软件跟踪博客︰ QuickSand += structhash : https://t.co/yCnqjW0jnK"
-
[ Pentest ] novahot - A webshell framework for penetration testers : https://github.com/chrisallenlane/novahot cc @ chrisallenlane
"novahot -- 一个用于渗透测试的 webshell 框架︰ https://t.co/evK7rZtsrF "
-
[ Popular Software ] [SYSS-2016-085] Aruba OS Improper Authentication - (CWE-287) https://goo.gl/fb/46tIsP #FullDisclosure
"Aruba OS Improper Authentication: https://t.co/BwvzokPFbz "
-
[ ThreatIntelligence ] In Q3 2016, our #mobile security products detected 37,150 mobile #ransomware Trojans #KLreport… https://t.co/mL76XtDCrQ
"2016 第 3 季度威胁态势报告,来自 Kaspersky Lab: https://t.co/mL76XtDCrQ"
-
[ Vulnerability ] WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow https://goo.gl/fb/9VL0gj #FullDisclosure
"WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow: https://t.co/BhTVR8Uxyc "
-
[ Web Security ] Gmail Account Hijacking Vulnerability http://blog.securityfuse.com/2016/11/gmail-account-hijacking-vulnerability.html
"Gmail 帐户劫持漏洞: https://t.co/krVgL8M0wi"
-
Xuanwu Spider via 上海交大 GoSSIP[ Android ] Andriod 重打包检测框架 WuKong: https://loccs.sjtu.edu.cn//gossip/blog/2016/11/07/2016-11-07/
-
Xuanwu Spider via 安全客
[ Windows ] Windows下的渗透测试之提权的基本套路(上): http://bobao.360.cn/learning/detail/3158.html Windows下的渗透测试之提权的基本套路(下): http://bobao.360.cn/learning/detail/3161.html
-
Xuanwu Spider via 网安国际
[ Defend ] UniSan:防止操作系统内核中由未初始化导致的信息泄漏: http://mp.weixin.qq.com/s?__biz=MzA4ODYzMjU0NQ==&mid=2652306968&idx=1&sn=5620c54ad8308217b9e6f82f46208bfd&chksm=8bc56396bcb2ea80425ed67d489e38760d0601009633245236bf1d1e55c61518a707cb3a9e54&mpshare=1&scene=23&srcid=1108auyQu9znBtCsmtVXFnNN#rd