腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/12/05

Matt @matt_dz

[ Firmware ] DRAMA: How Your DRAM Becomes a Security Problem https://www.youtube.com/watch?v=lSU6YzjIIiQ https://www.blackhat.com/docs/eu-16/materials/eu-16-Schwarz-How-Your-DRAM-Becomes-A-Security-Problem.pdf #BHEU 2016 @ anders_fogh @ misc0110

"你的 DRAM 是如何成为一个安全问题的？（Video）： https://t.co/kUM6xXQ26L slides： https://t.co/YavuRRkzgR"
Black Hat @BlackHatEvents

[ iOS ] Exploit an iOS device remotely via Wi-Fi without any user interaction & completely bypassing the iOS sandbox #BHASIA http://ow.ly/Gcsx306MF2T

"Black Hat 2017 ASIA 议题预告： Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox,来自腾讯 Keen Lab： https://t.co/GxWKqkYlZh"
argp @_argp

[ macOS ] macOS 10.12.1 XNU 3789.21.4 kernel sources are now available: https://opensource.apple.com/tarballs/xnu/xnu-3789.21.4.tar.gz

"macOS 10.12.1 XNU 3789.21.4 内核源码︰ https://t.co/pntr9AU1n8"
Palo Alto Networks @PaloAltoNtwks

[ MalwareAnalysis ] #ICYMI PluginPhantom: New #Android Trojan abuses “DroidPlugin” framework. Get the #Unit42 report http://oak.ctx.ly/r/5ae0h

"PluginPhantom ，一个利用 Android DroidPlugin 框架的新木马： https://t.co/0JUYnB36a0"
Gael Hofemeier @GaelHof

[ Others ] Intel #SGX Tutorial Series: Part 7, Refining the #Enclave #ITSEC http://intel.ly/2gzm16g https://t.co/VN15pGdRF0

"Intel SGX 教程系列: Part 7：Refining the Enclave ： https://t.co/Fnh4JXUsip "
Florian Roth @cyb3rops

[ Tools ] Record Query ad-hoc exploration of data sets w/o having to use heavy-weight tools like SQL https://github.com/dflemstr/rq https://t.co/ua8SpXtCxV

"Record Query ad-hoc exploration of data sets ： https://t.co/eZ6P0jK7vR https://t.co/ua8SpXtCxV "
Nicolas Krassas @Dinosn

[ Tools ] SQL injections vulnerabilities in Stack Overflow PHP questions https://laurent22.github.io/so-injections/ (nice graphs)

"统计了 Stack Overflow 上出现的 PHP SQLi 相关问题的时间与地区分布的统计图： https://t.co/FDgkQBAR9w "
Nicolas Krassas @Dinosn

[ Windows ] Microsoft Authorization Manager "azman" XML External Entity https://cxsecurity.com/issue/WLB-2016120021

"Microsoft Authorization Manager "azman" XML External Entity： https://t.co/gfbVvu6OjR"

Xuanwu Spider via KitPloit

[ Tools ] 域密码审查工具： http://www.kitploit.com/2016/12/dpat-domain-password-audit-tool-for.html
Xuanwu Spider via Seebug

[ Browser ] Bypassing CSP using polyglot JPEGs（翻译版）： http://paper.seebug.org/133/
Xuanwu Spider via Solidot

[ Attack ] 沙特遭到毁灭性黑客攻击： http://www.solidot.org/story?sid=50591

2016/12/05