腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] AngularJS 1.6.3 also fixes a universal CSP bypass via add-on in Firefox: Context: https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 Attack: http://pastebin.com/raw/kGrdaypP
"Angular 1.5.8 的 Bug,可以被用于 Bypass CSP︰ https://t.co/yk8ftr4IRv Attack︰ https://t.co/RdOj1AMnaU"
-
[ Protocol ] ATTACKING RDP - How to Eavesdrop on Poorly Secured RDP Connections http://bit.ly/2nghFr1
"攻击远程桌面协议(RDP)-如何窃听不安全的 RDP 连接: https://t.co/wxtE0Wk8gv"
-
[ ReverseEngineering ] I added a video to a @ YouTube playlist http://youtu.be/gZN2damgYHg?a How To Call Game Functions C++ x64dbg Hacking Tutorial #2
"如何利用 Cheat Engine、x64dbg、IDA Pro 等逆向工具 Hacking Assault Cube 游戏(video): https://t.co/8ghHcHZEWi "
-
[ Sandbox ] Enter Sandbox – part 14: Reading the old Delphi Scrolls…Dynamic Delphi function hooking in sandboxes http://www.hexacorn.com/blog/2017/03/16/enter-sandbox-part-14-reading-the-old-delphi-scrolls/ #DFIR #malware
"Enter Sandbox – part 14: Reading the old Delphi Scrolls: https://t.co/vSauSAgFzC "
-
[ Tools ] McAfee releases detection tool for Mac EFI rootkits following #Vault7 release showing CIA work on EFI malware. https://t.co/m8bSgO77aj
"CIA 泄露事件之后,Intel(McAfee)安全团队发布了一个针对 EFI Rootkits 的检测工具: https://t.co/m8bSgO77aj"
-
[ Tools ] Peer-to-peer networking library for Android, with Wi-Fi and Bluetooth support.: https://github.com/udark/underdark-android via @ SandeepL337
"Underdark-android -- 一个 Android 中基于 wifi 和蓝牙的P2P 网络库: https://t.co/l3eFKrPazD"
-
[ Tools ] SpamScope - Fast spam analysts tool with Thug and VirusTotal integration by @ fedelemantuano https://github.com/SpamScope/spamscope
"spamscope -- 垃圾邮件分析工具: https://t.co/gq2vb6z9ja "
-
[ Vulnerability ] Ubiquiti 0day command injection in admin interface (as root) @ ubnt didn't patch (3 months after...)… https://t.co/2457bHq7LO
-
[ Windows ] CanSecWest talk on Win10 mitigations with @ epakskape https://www.slideshare.net/mobile/CanSecWest/csw2017-weston-miller-csw17mitigatingnativeremotecodeexecution
"微软在漏洞利用缓解的策略上,尤其是针对 Native 代码执行方面的思考与实践: https://t.co/ZjZMEYCmH0"
-
[ Windows ] my cansecwest 2017 slides "how to find vulnerability to bypass control flow guard" https://www.slideshare.net/mobile/CanSecWest/csw2017-henry-li-how-to-find-the-vulnerability-to-bypass-the-control-flow-guard-30
"如何在拥有任意地址读写的能力下 Bypass CFG。演讲者一共发现了 4 类、共 6 种可以用来 Bypass CFG 的方法,来自 CanSecWest 2017 大会上的 Trend Micro Henry li : https://t.co/WpUkRfXWwL"
-
[ Windows ] [Blog] "Fileless" UAC Bypass using sdclt.exe https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/
"使用 sdclt.exe 在不写入文件的情况下(Fileless)实现 UAC Bypass"
-
[ WirelessSecurity ] YouTube Talk: Hunting Rogue WiFi Devices using the HackRF SDR http://www.rtl-sdr.com/youtube-talk-hunting-rogue-wifi-devices-using-hackrf-sdr/
"利用 HackRF SDR 狩猎 Rogue WiFi 设备(video): https://t.co/fb84OTETEo"
-
[ WirelessSecurity ] A Rolling Code 4-channel UHF Remote Control [PDF] http://www.kitsrus.com/pdf/k180_article.pdf https://t.co/GCWVOaHyMa
"A Rolling Code 4-channel UHF Remote Control: https://t.co/Utn56g3lwH "
