腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/12/04

Scott Piper @0xdabbad00

[ Conference ] AWS re:Invent security talks: https://www.youtube.com/playlist?list=PLhr1KZpdzukfYBoBNGKS3axyHW9-JClQb

"AWS re:Invent 安全会谈的视频︰ https://t.co/LvvLB9NgVi"
Francisco Alonso @revskills

[ Linux ] Linux kernel: ALSA: use-after-free in,kill_fasync http://seclists.org/oss-sec/2016/q4/575 https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4

" Linux kernel ALSA pcm 层 UAF 漏洞： https://t.co/LOcQyIVkkQ Github： https://t.co/dQmvQoDlhO"
Nicolas Krassas @Dinosn

[ Others ] Resources for developers and security engineers to learn the ropes of application security https://github.com/cneill/appsec-resources

"Application Security 学习资源： https://t.co/MP3t6jGXbZ "
Nicolas Krassas @Dinosn

[ Tools ] ShellcodeCompiler - Shellcode C/C++ Compiler for Windows http://www.kitploit.com/2016/12/shellcodecompiler-shellcode-cc-compiler.html

"ShellcodeCompiler -- 用于将c/c++代码转换为小巧、位置独立、无 NULL 字节的 shellcode： https://t.co/IYsqfApvuM"
Binni Shah @binitamshah

[ Tools ] BinSkim :A binary static analysis tool that scans Windows Portable Executable (PE) files for security/correctness : https://github.com/Microsoft/binskim

"BinSkim -- 一个 Microsoft 开源的，可以用来扫描 Windows PE 文件的二进制的静态分析工具︰ https://t.co/lX1hMlxXEy"
Binni Shah @binitamshah

[ Tools ] Aker - A python based ssh bastion/jump host : https://github.com/aker-gateway/Aker , Demo : https://www.youtube.com/watch?v=O-boM3LbVT4 cc @ kre80r https://t.co/0IV2WYNSb7

"Aker -- 基于 python 的 Linux ssh 跳板机/堡垒机设置工具︰ https://t.co/7NmxqpStzQ ; Demo︰ https://t.co/yb9MYyjzID"
Francisco Alonso @revskills

[ Virtualization ] KLEE 1.3.0 Symbolic Virtual Machine released https://github.com/klee/klee/releases/tag/v1.3.0

"符号执行虚拟机 KLEE 1.3.0 发布： https://t.co/yhsVLoPUU5"
Binni Shah @binitamshah

[ Vulnerability ] RedStar OS 3.0 : Remote Arbitrary Command Injection : https://www.myhackerhouse.com/redstar-os-3-0-remote-arbitrary-command-injection/

"朝鲜 RedStar OS 3.0 ︰存在远程任意命令注入漏洞，可弹计算器︰ https://t.co/5ikfHjel9x"
deroko @deroko_

[ Windows ] Shadow stack, new mitigation in windows 10 x64 insider builds : http://deroko.phearless.org/shadow_stack.txt

"Shadow stack -- Windows 10 x64 insider builds 版本中的一项新缓解措施︰ https://t.co/LVA54c8Pvs"

2016/12/04