
腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Hardening Android for Security And Privacy : https://blog.torproject.org/blog/mission-improbable-hardening-android-security-and-privacy
"加固安卓系统的安全性和隐私性︰ https://t.co/F0rZKkRQqh"
-
[ Android ] Nice to see that Intel uses Capstone disassembler in their Android Runtime (ART) extension for #Android #Nougat https://t.co/88c87P8pv8
" Intel 公司为 Android Nougat 提供了 ART-Extension : https://t.co/88c87P8pv8"
-
[ Android ] HackingTeam back for your Androids, now extra insecure ! : http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/ cc @ timstrazz || @ caleb_fenton… https://twitter.com/i/web/status/799194038930849793
"HackingTeam 再次瞄准 Android 设备 : https://t.co/UMMcb9BCN1"
-
[ Browser ] #DailyBug :) https://twitter.com/natashenka/status/799075178256809984
" Microsoft Edge 浏览器 eval 函数类型混淆漏洞(CVE-2016-7240): https://bugs.chromium.org/p/project-zero/issues/detail?id=948"
-
[ Firmware ] GitHub - jethrogb/uefireverse: Tools to help with Reverse Engineering UEFI-based firmware https://github.com/jethrogb/uefireverse
"uefireverse -- 这个工具用于逆向基于 UEFI 的固件: https://t.co/cHEiw8eWXn"
-
[ iOS ] #iOS 8, 9, 10 passcode bypass can access photos, contacts - http://bit.ly/2eKPygf
"仅用 7 步便可绕过 iOS 8、9、10 锁屏来获取照片及联系人: https://t.co/Pi6v3A2fHV"
-
[ MalwareAnalysis ] awesome-malware-analysis : A curated list of awesome malware analysis tools and resources : https://github.com/rshipp/awesome-malware-analysis/
"恶意软件分析工具和资源的精选分享列表︰ https://t.co/04tc64Nny6"
-
[ Others ] Kaspersky Security Bulletin: 2016 can be declared the year of ransomware. https://securelist.com/analysis/kaspersky-security-bulletin/76660/kaspersky-security-bulletin-predictions-for-2017/
"Kaspersky 发布 2017 年威胁预测报告: https://t.co/Mt6fyBh6kq"
-
[ Others ] Demystifying the i-Device NVMe NAND (New storage used by Apple) : http://ramtin-amin.fr/#nvmepcie https://t.co/mBI15fmh9c
"解密 Apple i-Device NVMe NAND: http://ramtin-amin.fr/#nvmepcie"
-
[ Others ] dextra, a dex / oat disassembler / decompiler - http://buff.ly/2g0PzMG https://t.co/f2T7sR0Q9y
"dextra -- 一个 dex / oat 反汇编器/反编译器 : https://t.co/4AoKrYohjc https://t.co/f2T7sR0Q9y"
-
[ Others ] Announcing new, stricter, SSL Labs requirements for 2017 https://blog.qualys.com/ssllabs/2016/11/16/announcing-ssl-labs-grading-changes-for-2017
"2017 年 SSL Labs 评分将做出一些改变: https://t.co/QCFWbWIYtP"
-
[ Programming ] Rust and Java - http://blog.prevoty.com/rust-and-java
"Rust and Java: https://t.co/fsxpySd7VU"
-
[ SCADA ] What are industrial control systems? A comprehensive guide: http://bit.ly/2fglbx6 #ICS
"一个全面的工业控制系统指南︰ https://t.co/7fSPp2LuM1 "
-
[ Tools ] Defeating the USB Rubber Ducky with Beamgun https://jlospinoso.github.io/infosec/usb%20rubber%20ducky/c%23/clr/wpf/.net/security/2016/11/15/usb-rubber-ducky-defeat.html
"Beamgun -- 一个用来防御 USB Rubber Ducky 攻击的工具: https://t.co/IQMbaYFty7"
-
[ Tools ] VolUtility Version 1.0 Release - web front end for the #Volatility memory analysis framework https://techanarchy.net/2016/11/volutility-version-1-0-release/
"VolUtility 1.0 -- Volatility 内存分析框架的 web 前端扩展: https://t.co/x5FjWuz6vu"
-
[ Tools ] As promised, the PhishLulz code, Amazon image and MailBoxBug are open source from yesterday:… https://t.co/uWD0x7rqB0
"PhishLulz -- 一个自动化的网络钓鱼工具: https://t.co/uWD0x7rqB0"
-
[ Vulnerability ] Twice the bits, twice the trouble: vulnerabilities induced by migrating to 64-bit platforms https://blog.acolyer.org/2016/11/17/twice-the-bits-twice-the-trouble-vulnerabilities-induced-by-migrating-to-64-bit-platforms/
"用于 32 位平台上的代码库被移植到 64 位平台上使用所引发的漏洞隐患: https://t.co/8euipUXKnt"
-
[ Windows ] [Blog Post] Bypassing Application Whitelisting by using dnx.exe: https://enigma0x3.net/2016/11/17/bypassing-application-whitelisting-by-using-dnx-exe/
"通过 dnx.exe 绕过 APP 白名单︰ https://t.co/91GGOV1RXm"
-
[ Windows ] CyberArk Labs Research: Stealing Service Credentials to Achieve Full Domain Compromise http://www.cyberark.com/blog/cyberark-labs-research-stealing-service-credentials-achieve-full-domain-compromise/
"CyberArk 实验室的研究︰ 窃取服务凭证以实现完全域控制(此漏洞对于已开启 Credential Guard (VSM) 的 Windows 10 workstation 同样有效): https://t.co/4HFFoiGyh9"
-
[ Windows ] Windows Subsystem for Linux Overview : https://blogs.msdn.microsoft.com/wsl/2016/04/22/windows-subsystem-for-linux-overview/ , System Calls: https://blogs.msdn.microsoft.com/wsl/2016/06/08/wsl-system-calls/ ;Networking : https://blogs.msdn.microsoft.com/wsl/2016/11/08/225/
"Windows 子系统 Linux 概述︰ https://t.co/tbtJt5Ifp8 系统调用︰ https://t.co/wKtntpwlCo 网络︰ https://t.co/3yn6UDKA1p"
-
[ iOS ] 你的iPhone也出现“澳门赌场”日历推送了吗?分析邪恶的“苹果日历推”产业链: http://www.freebuf.com/articles/terminal/120036.html
-
[ Android ] EdgeMiner: Automatically Detecting Implicit Control Flow Transitions Through the Android Framework,作者提出一种静态的分析工具EdgeMiner。它能够通过分析整个android框架,寻找框架中描述隐式控制流的注册函数和回调函数对: https://loccs.sjtu.edu.cn//gossip/blog/2016/11/17/2016-11-17/
-
[ Browser ] Google 将在 Chrome 56 版本中移除对 SHA-1 的支持: https://threatpost.com/google-removing-sha-1-support-in-chrome-56/122041/