腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Discontinuing the hardened Tor Browser series https://blog.torproject.org/blog/discontinuing-hardened-tor-browser-series
"TOR 官方表示将停止发布 "安全增强版"的 TOR 浏览器 : https://t.co/AaCpyBWlJb"
-
[ Conference ] Ruxcon (21-22 October, Australia) Call For Presentations released: https://ruxcon.org.au/cfp
"Ruxcon 大会(10月 21-22 日) 开始公开征集议题︰ https://t.co/lxp7R1HfNX"
-
[ Crypto ] Recover a RSA private key from multiple bad public keys in order to forge a sig. Quick intro to the math of RSA: https://t.co/49L5O6S7oM
"从公钥中恢复 RSA 私钥 (video)︰ https://t.co/49L5O6S7oM"
-
[ Malware ] Hajime is a ‘white worm’ that infects and secures vulnerable IoT devices http://bit.ly/2p2XY6n
"蠕虫 Hajime 会感染并加固存在漏洞的 IoT 设备: https://t.co/PcKTx545Va"
-
[ Malware ] Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs http://dlvr.it/NxwTkp https://t.co/AIkl54wuVI
" Locky 勒索软件借 Necurs 僵尸网络再次回归: https://t.co/4bextGI2Ah "
-
[ Network ] HTTP Security Response Headers ... https://blog.appcanary.com/2017/http-security-headers.html + https://www.smashingmagazine.com/2017/04/secure-web-app-http-headers/ + https://scotthelme.co.uk/hardening-your-http-response-headers/ + https://t.co/p4f3QrSTkB
"关于 HTTP Headers 的几篇文章,也介绍了不同 Headers 对安全性的影响: https://t.co/brgbEZaW9C + https://t.co/OGD1F9VtrZ + https://t.co/coPKsGBi7c + https://t.co/p4f3QrSTkB"
-
[ Others ] ARM Releases Machine Readable Architecture Specification - https://alastairreid.github.io/alastairreid.github.io/ARM-v8a-xml-release/
"ARM 发布了可机读格式的 ARM v8-A 处理器的架构规范: https://t.co/ZvLU1L7liF"
-
[ Others ] #PowerShell Kernel pwn for @ HackSysTeam Uninitialized Heap Variable => https://github.com/FuzzySecurity/HackSysTeam-PSKernelPwn/blob/master/Kernel_UninitializedHeapVar.ps1 https://t.co/Cv7Xhz6u4d
"HackSysTeam 的未初始化堆变量漏洞利用脚本: https://t.co/TBdMdlMDTi "
-
[ Popular Software ] Abusing native Microsoft Office functionality to gain persistence https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/
"在 Microsoft Office 中,有多少种方法可以帮助攻击者实现常驻(Persistence)?: https://t.co/zf6Lqm9hTx"
-
[ Tools ] pyt - Security static analysis tool for Python https://github.com/python-security/pyt
"pyt - 一个 Python Web 应用静态分析工具: https://t.co/X1vRiMKXjm "
-
[ Tools ] RT @ libber: Releasing https://github.com/uber/focuson - a python static analysis tool to find security bugs using dataflow analysis.
"focuson - 一款用于挖掘基于 flask 编写的Python Web 应用漏洞的工具: https://t.co/5R2rEjSv1V-python "
-
[ Tools ] Abusing Exchange Mailbox Permissions with MailSniper : http://www.blackhillsinfosec.com/?p=5871 cc @ dafthack https://t.co/YJ5vbtkytv
" Microsoft Exchange 允许用户向其他用户授予不同级别权限,比如允许读自己的收件箱。这篇文章,作者写了一个工具 MailSniper 用于发现这种威胁: https://t.co/nunw6Lj4LK "
-
[ Tools ] Best news: Thanks to Zak Escano, Unicorn now supports MSVC, so you can build Unicorn with Visual Studio on Windows! https://t.co/POO5Oy3h0j
"Unicorn 模拟器引擎支持在 Windows 系统中编译了,需要 VS2012: https://t.co/POO5Oy3h0j"
-
[ Vulnerability ] Oracle VirtualBox Guest Additions (Shared Folders) double-free from unprivileged Windows user-mode guest code https://bugs.chromium.org/p/project-zero/issues/detail?id=1227
"(CVE-2017-3587)VirtualBox 共享文件夹特性 UAF 漏洞(通过 nt!NtQueryDirectoryFile 系统调用触发): https://t.co/DeqZXSYeuD"