腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Others ] Practical Mitigation of Data-only Attacks against Page Tables https://www.internetsociety.org/sites/default/files/ndss2017_05B-4_Davi_paper.pdf
"DEP/CFI 等防护措施都是以内核页表(Page Table)不被篡改为条件的,这篇 Paper 提出针对页表的纯数据(Data-only)攻击: https://t.co/JKW3fB8srO "
-
[ Others ] How Malformed RTF Defeats Security Engines : http://blog.talosintelligence.com/2017/03/how-malformed-rtf-defeats-security.html cc @ r00tbsd https://t.co/nBc9mATJNF
"Talos 研究员尝试利用畸形 RTF 文件攻击反病毒软件的 Parsers︰ https://t.co/DNT4UmI5nb "
-
[ Others ] [remote] - NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow (Metasploit) https://www.exploit-db.com/exploits/41719/
"NETGEAR WNR2000v5 hidden_lang_avi 栈溢出的 Metasploit 漏洞利用脚本: https://t.co/ENVpQwtw7V"
-
[ Others ] Stealing #NetNTLM hashes via #XXE Read more: http://wp.me/p3N54q-Bl https://t.co/DP1cMVkZO2
"各种窃取 NetNTLM Hash 的方式︰ https://t.co/DnJ8WWHX6F "
-
[ Tools ] xxe-recursive-download - exploits XXE to retrieve files from a target server https://goo.gl/fCnsmh https://t.co/H2oTeNawxC
"一个利用 XXE 漏洞从目标服务器检索文件的工具: https://t.co/5Q13654qIg https://t.co/H2oTeNawxC"
-
[ Tools ] The USB Wi-Fi Ducky: inject keystrokes remotely with @ arduino and @ ESP8266 https://github.com/spacehuhn/wifi_ducky https://t.co/kmb4EypVe1
"wifi_ducky -- 可通过 WiFi 控制的 BadUSB 设备,可以执行 Ducky 攻击脚本: https://t.co/4bfPYo59rJ "
-
[ Web Security ] CORS — a guided tour : Cross-origin resource sharing : https://medium.com/statuscode/cors-a-guided-tour-4e72230a8739#.mswz0ka0u cc @ g33konaut
" CORS 跨源资源共享教程︰ https://t.co/OqaeNBNZii "
-
[ Windows ] LPE vulnerabilities exploitation on Windows 10 Anniversary Update - https://2016.zeronights.ru/wp-content/uploads/2016/12/Win10LPE.pdf & http://cvr-data.blogspot.co.uk/2016/11/lpe-vulnerabilities-exploitation-on.html
"ZeroNights 2016 会议上一篇关于 Windows 10 RS1 本地提权漏洞利用的演讲: https://t.co/RCpKu9z9Bh https://t.co/Usl7BQoG2E"