腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Detect ] Patch-related Vulnerability Detection Based on Symbolic Execution http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7867765 /cc @ Laughing_Mantis
"基于符号执行的思路,从 Patch 补丁代码中检测新漏洞的引入: https://t.co/21bScHeWBw "
-
[ Linux ] The Linux kernel user’s and administrator’s guide : https://01.org/linuxgraphics/gfx-docs/drm/admin-guide/index.html
"Linux 内核指南︰ https://t.co/W5iPKNTIcC"
-
[ macOS ] Two Bugs, One Func() - Part 2 : a kernel info leak 0-day : https://objective-see.com/blog/blog_0x1B.html ,Part 1 :… https://twitter.com/i/web/status/850287507359096832
"Two Bugs, One Func, macOS 一个 kernel panic,part 1: https://t.co/DHvs6u42wR part 2︰ https://t.co/O0DlHGfwfT "
-
[ MalwareAnalysis ] Blog post: Critical Office Zero-Day Attacks Detected in the Wild https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/. #zeroday #0day #APT #CyberAttack
"McAfee 检测到了在野外利用的 Office 0day ,该漏洞与 OLE 相关: https://t.co/uDFGkQBiKw"
-
[ Popular Software ] 0-Day SQL Injection in TYPO3 News module, exploit available https://www.ambionics.io/blog/typo3-news-module-sqli
"开源内容管理系统 TYPO3 中的 News system 模块存在 SQL 注入漏洞,此文章对漏洞进行了分析与利用: https://t.co/byb7D6mGV6"
-
[ Virtualization ] Project Zero blog: "Pandavirtualization: Exploiting the Xen hypervisor" by @ tehjh - https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html
"Xen hypervisor 的跨虚拟机代码执行漏洞,64-bit PV guest ROOT 权限用户可以在其他 PV guest 执行 ROOT Shell(CVE-2017-7228): https://t.co/KNBa8qpypD"
-
[ Windows ] Slides for my COM talk at @ InfiltrateCon. https://goo.gl/cL9Zd2
"《60 秒了解 COM 的内幕与攻击面》, 来自 James Forshaw 在 Infiltrate 2017 会议的演讲: https://t.co/gu3Y9WxrXP"
-
[ Windows ] Understanding CIA's Grasshopper Builder for Windows Malware : https://wikileaks.org/vault7/document/Grasshopper-v2_0_2-UserGuide/Grasshopper-v2_0_2-UserGuide.pdf , UMBRAGE: StolenGoods : https://wikileaks.org/vault7/document/StolenGoods-2_1-UserGuide/StolenGoods-2_1-UserGuide.pdf (pdf)
"CIA 泄露的 Windows Installer 定制工具 - Grasshopper 使用手册︰ https://t.co/G9PdKvFHFd 还有一个 Grasshopper 的常驻控制模块 StolenGoods(PDF): https://t.co/DZCjV14eEs "