腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Microsoft Edge: Use-after-free in TypedArray.sort https://bugs.chromium.org/p/project-zero/issues/detail?id=983
"Edge 浏览器 TypedArray.sort 中的 UAF 漏洞(CVE-2016-7288): https://t.co/0ldeKjlai2"
-
[ Linux ] ntfs-3g local privilege escalation to root CVE-2017-0359 http://marc.info/?l=oss-security&m=148619467901185&w=2 #infosec #ntfs #linux #Privesc
"ntfs-3g 本地权限提升漏洞利用脚本(CVE-2017-0359): https://t.co/U2wntS4YBA"
-
[ macOS ] Running Executables on macOS From Memory : https://blog.cylance.com/running-executables-on-macos-from-memory
"在 macOS 从内存运行可执行文件︰ https://t.co/703UfqaZ9X"
-
[ MalwareAnalysis ] #Unit42’s @ Malware_traffic explores CryptoShield Ransomware from Rig EK http://oak.ctx.ly/r/5eztz @ sans_isc
"勒索软件 CryptoShield 探索,来自 Unit42: https://t.co/eFnV5gQifO "
-
[ Mobile ] New Blogpost: ? Unpatched (0day) jQuery Mobile XSS http://sirdarckcat.blogspot.com/2017/02/unpatched-0day-jquery-mobile-xss.html
"未修复的 jQuery Mobile XSS: https://t.co/i5y5Ww6g66"
-
[ Mobile ] OnePlus3/3T Bootloader Vuln (<OxygenOS4.0.1): https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/#exploiting-cve-2017-5626-for-kernel-code-execution more details: https://www.xda-developers.com/two-critical-oneplus-33t-bootloader-security-flaws-discovered-one-patched-and-other-being-addressed/ "fastboot oem disable dm-verity"
"OnePlus 3/3T BootLoader 解锁漏洞及 SELinux 漏洞的分析: https://www.xda-developers.com/two-critical-oneplus-33t-bootloader-security-flaws-discovered-one-patched-and-other-being-addressed/"
-
[ NetworkDevice ] Vuln in F5 TLS stack allowing an attacker to extract up to 31 bytes of uninitialized memory at a time https://blog.filippo.io/finding-ticketbleed/ #Ticketbleed
" Ticketbleed (CVE-2016-9244) 漏洞分析: https://t.co/8d0TV5QmF8 "
-
[ Operating System ] Secure operating system? Is this possible? An insight into #KasperskyOS https://kas.pr/v7jy
"KasperskyOS 特性介绍: https://t.co/pfQWtrsSik"
-
[ Popular Software ] Remote directory traversal in Metasploit's downloading of files from victims. Patch 'em if you got 'em! https://t.co/GzhUGOrotO
" Metasploit meterpreter 目录遍历漏洞分析: https://t.co/GzhUGOrotO"
-
[ SecurityReport ] Part 4 of the Exploring the Cybercrime Underground series dives into darknet markets http://oak.ctx.ly/r/5f0dy #Unit42
"暗网买卖大揭秘 Part 4: https://t.co/13JDVao5Nl "
-
[ Tools ] Invoke-Vnc : Powershell VNC injector : https://github.com/artkond/Invoke-Vnc cc @ artkond
"Invoke-Vnc -- Powershell VNC injector︰ https://t.co/A1z9a797GM "
-
[ Tools ] Writing Burp Extensions (Shodan Scanner) https://lnkd.in/eqZHxk3
"编写 Burpsuite 扩展(shodan scanner): https://t.co/1WSxwPC8Bx"
-
[ Vulnerability ] Exploiting node-serialize deserialization for Remote Code Execution-@ ajinabraham https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/ Advisory https://t.co/UQhHHzgCum
"利用 Node.js 反序列化来进行远程命令执行: https://t.co/kkJEQ53KMw "
-
[ Web Security ] Nice ! Turning self-XSS into good-XSS part 2 by @ emgeekboy http://bit.ly/2k65bRK
"AirBnb Bug Bounty:将 self-XSS 转化为 XSS Part 2: https://t.co/Y6CoVJMY6G"
-
[ WirelessSecurity ] TP-Link C2 and C20i multiple vulnerabilities https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html #IoT #routers #RCE #DoS #PoC
"TP-Link C2 及 C20i 中存在多个漏洞 : https://t.co/G0OGwfXP0i "
-
Xuanwu Spider via Github[ Language ] 近日,微软亚洲研究院在GitHub 上开源图数据查询语言LIKQ,它是基于分布式图数据处理引擎Graph Engine的可用于子图和路径查询的数据查询语言。LIKQ直接使用原生C#代码构建知识图谱语言,让海量图数据实时检索和集成触手可得: https://github.com/Microsoft/GraphEngine
-
Xuanwu Spider via 安全脉搏
[ Pentest ] Github & CSRF 组合入企业内网的案例: https://www.secpulse.com/archives/55359.html
-
Xuanwu Spider via DockOne.io
[ Windows ] 在 Windows 10 上运行 Linux 及 Windows 容器: http://dockone.io/article/1755