腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Bypass IE XSS filter for POST requests with any POST payload (it is not triggered at all). Of course PDF is used: https://t.co/AIBQqvyEOl
"利用 PDF 绕过 IE XSS 过滤器对 Post 数据的防御: https://t.co/AIBQqvyEOl"
-
[ MalwareAnalysis ] Evil : A poor man’s ransomware in JavaScript : https://www.cert.pl/en/news/single/evil-a-poor-mans-ransomware-in-javascript/
"JavaScript 勒索软件分析︰ https://t.co/bK65Fl8Nsc"
-
[ Mitigation ] excellent post - Manual Control Flow Guard in C - http://nullprogram.com/blog/2017/01/21/ #programming
"用 C 语言实现一个 CFG: https://t.co/EsuyFkPbTT "
-
[ Popular Software ] [local] - Microsoft Power Point 2016 - Java Code Execution https://www.exploit-db.com/exploits/41144/
"Microsoft Power Point 2016 中存在 Java 代码执行: https://t.co/T6UrzCB5zr"
-
[ Protocol ] A cheat sheet of TLS/SSL vulnerabilities : https://www.gracefulsecurity.com/tls-ssl-vulnerabilities/ cc @ HollyGraceful
"针对 TLS/SSL 的漏洞总结︰ https://t.co/RgXXWR5iqg"
-
[ ReverseEngineering ] List of reverse engineering resources https://github.com/wtsxDev/reverse-engineering #reverseengineering https://t.co/1oFlgubrC0
"逆向工程学习资源集: https://t.co/XFQg9YzK04 "
-
[ Tools ] autovpn : Automatically connect to a VPN in a country of your choice : https://github.com/adtac/autovpn
"autovpn -- 可以自动连接指定国家 VPN Gate 服务器的工具︰ https://t.co/9jfV9byLhx"
-
[ Tools ] Kube Lego automates @ letsencrypt certificate requests and renewals for tagged TLS Ingresses in your k8s cluster: https://blog.jetstack.io/blog/kube-lego/
"使用 kuge-lego 在 Kubernetes 中自动配置证书︰ https://t.co/sdmjPiOAwM"
-
[ Vulnerability ] I started cleaning up some older PoCs for re-releasing: uploaded mini GIF, PE, Mach-O, ELF, Java - w/ NASM source https://github.com/corkami/pocs
"关于 PE, Mach-O, ELF, Java 等一些旧的 poc: https://t.co/RRkvPDn3ez"
-
Xuanwu Spider via 腾讯安全应急响应中心[ Obfuscation ] 利用符号执行去除控制流平坦化: https://security.tencent.com/index.php/blog/msg/112