腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] Here's my presentation from #sp4rkcon 2017. http://www.bigendiansmalls.com/sp4rkcon-2017-hacking-mainframes-for-cics-and-giggles/ SP4RKCON 2017 – Hacking mainframes for CICS and giggles
"Hacking IBM CICS 大型主机: https://t.co/EKAHFN1DiY "
-
[ Forensics ] New Presentation: Logs Unite! - Forensic Analysis of Apple Unified Logs http://www.mac4n6.com/blog/2017/4/1/new-presentation-logs-unite-forensic-analysis-of-apple-unified-logs #DFIR #mac4n6 #logs #macadmin
-
[ IoTDevice ] ASUS B1M projector remote root exploit (0day) : https://www.myhackerhouse.com/asus-b1m-projector-remote-root-0day/ cc @ hackerfantastic https://t.co/1V1dj8eOfv
"华硕 B1M 投影仪 remote root exploit ︰ https://t.co/zDU66ADAYz "
-
[ Linux ] I've just fully rewrited eight part of the #linux #kernel initialization process about scheduler initialization - https://t.co/afgEKKI2KQ
"Linux Insides 系列文章之内核调度器的初始化: https://t.co/afgEKKI2KQ"
-
[ Operating System ] fluttershy.py - local root exploit for PonyOS 4.0 dynamic linker https://github.com/HackerFantastic/Public/blob/master/exploits/fluttershy.py :-) cc @ kevinlange https://t.co/IQP2uxHD6o
"PonyOS 4.0 运行 setuid 时未检查环境变量导致本地提权漏洞: https://t.co/DbmDfv5JIg"
-
[ Others ] How we exploited a remote execution vulnerability in math.js https://capacitorset.github.io/mathjs/
" math.js RCE: https://t.co/ARbcZ597gB "
-
[ Tools ] box-js : A tool for studying JavaScript malware : https://github.com/CapacitorSet/box-js
"box-js - 恶意JavaScript 分析工具︰ https://t.co/oyvLTIQvmd"
-
[ Tools ] New tool: https://github.com/rasta-mouse/Sherlock
"Sherlock -- 用于快速寻找 Windows 未安装补丁的本地提权漏洞的 PowerShell 脚本︰ https://t.co/pMn42yAA5D"
-
[ Tools ] Tunnel TCP Through WebSockets (CLI Tool) https://github.com/derhuerst/tcp-over-websockets#tcp-over-websockets
"tcp-over-websockets - 基于 WebSockets 的 TCP 隧道: https://t.co/N0EBjBEGr3"