腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] 1 million Google accounts compromised by Android malware called Gooligan http://arstechnica.com/security/2016/11/1-million-android-accounts-compromised-by-android-malware-called-gooligan/
"Android 恶意软件 Gooligan 盗取了 100 万个用户的谷歌帐户: https://t.co/DRelYNDupo"
-
[ Android ] Chapter excerpt on Boot and Init from #Andevcon lecture earlier today - http://newandroidbook.com/temp/AI-boot.pdf (from #Android… https://t.co/1RXCqKiPGq
"《Android Internals: A Confectioner's Cookbook》,讲解 Android 框架、原生库、内核的一本书,链接中的内容主要是此书的 Boot Loader 部分: http://newandroidbook.com/temp/AI-boot.pdf "
-
[ Fuzzing ] blog post: Fuzzing #Qt with libFuzzer -> http://www.peter.hartmann.tk/single-post/2016/11/29/Fuzzing-Qt-with-libFuzzer
"用 libFuzzer 来 Fuzz Qt 框架: https://t.co/we81LTHD1e"
-
[ macOS ] Reverse Engineering Resources (iOS & Mac OS X) : https://pewpewthespells.com/re.html
"针对 iOS 和 Mac OS X 的逆向资源收集︰ https://t.co/LYUqwj7lgw"
-
[ Malware ] New post: HDDCryptor: Subtle Updates, Still a Credible Threat http://bit.ly/2gwYyTr @ TrendMicro
"黑掉旧金山市交通系统的真凶已被找出,TrendLab 指出系 HDDCryptor 勒索变种所为: https://t.co/YF1XboiWUB"
-
[ Others ] Compromised Database Credentials Lead to UK Mobile Network Provider Breach https://duo.com/blog/compromised-database-credentials-lead-to-uk-mobile-network-provider-breach
"英国最大的移动网络提供商之一已经证实,由于员工凭证被盗,导致超过10万客户的信息被泄露: https://t.co/CbZJKkpspL "
-
[ Others ] Bypassing SAML 2.0 SSO with XML Signature Attacks http://research.aurainfosec.io/bypassing-saml20-SSO/
"利用 XML Signature 攻击绕过 SAML 2.0 单点登录: https://t.co/1V0xb3ZtGC"
-
[ Others ] #Botconf16 https://www.youtube.com/user/BotConfTV @ Botconf live stream is available
"Botconf 2016 大会放出议题视频: https://t.co/E4f3ynW6MV "
-
[ ReverseEngineering ] Reversing for Newbies ( Series 1-40) : https://tuts4you.com/download.php?list.17
"逆向新手教程︰ https://t.co/MgThN4N0ev"
-
[ Sandbox ] Tickling it one last time before removal: Angular1.5.9 sandbox bypass by @ tehjh https://output.jsbin.com/hilejusana (Check https://twitter.com/tehjh/status/789309231585456129)
"绕过 Angular1.5.9 sandbox https://t.co/Fchh56aIA5 paper: https://t.co/amrNredtbN"
-
[ Tools ] lscan : a library identification tool on statically linked/stripped binaries : https://github.com/maroueneboubakri/lscan
"lscan -- 一个能够从静态链接/无符号二进制程序中识别可能的第三方库的工具︰ https://t.co/w2FX1AT9PP"
-
[ Tools ] Hunting users using Windows API calls https://github.com/fdiskyou/hunter
"hunter -- 利用 Windows API 调用来枚举跳板机上的用户登录信息: https://t.co/9dAwuBKppA"
-
[ Tools ] XSSER - From XSS to RCE http://www.kitploit.com/2016/11/xsser-from-xss-to-rce.html
"XSS 攻击利器 XSSER 发布了 v2.5 版 : https://t.co/846HtYjbBA"
-
[ Windows ] .@ Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass - https://threatpost.com/microsoft-silently-fixes-kernel-bug-that-led-to-chrome-sandbox-bypass/122179/
"Microsoft 终于悄然得把两年前的一个内核漏洞修复了,该漏洞会导致 Chrome sandbox 被绕过: https://t.co/eZJrE5pLeF"
-
Xuanwu Spider via 先知技术社区[ Web Security ] 我的WafBypass之道(upload篇): https://xianzhi.aliyun.com/forum/read/458.html
-
Xuanwu Spider via Mottoin
[ Browser ] IE浏览器UAF漏洞CVE-2014-0282的分析与利用: http://www.mottoin.com/92909.html