腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Here it is: 3rd part of my #Android Hacking with Frida tutorial. @OWASP UnCrackable2 with @fridadotre and @radareorg https://t.co/D1D1NHjkaE
"Hacking Android apps with FRIDA 系列之三: https://t.co/D1D1NHjkaE"
-
[ Browser ] Microsoft IE: Memory corruption in CStyleSheetArray::BuildListOfMatchedRules https://bugs.chromium.org/p/project-zero/issues/detail?id=1118
"Microsoft IE 11.576.14393.0 CStyleSheetArray::BuildListOfMatchedRules 内存破坏漏洞(CVE-2017-0202): https://bugs.chromium.org/p/project-zero/issues/detail?id=1118"
-
[ Browser ] See what we've been up to in Chrome Security in Q1! https://groups.google.com/a/chromium.org/d/msg/security-dev/tIlW-LN-X1I/vvnK3fxqAgAJ
" Chrome 的安全团队对一季度 Chrome 浏览器安全相关动态的回顾,除了常规的漏洞修复,还有 CFG 启用、CSP、Site Isolation: https://t.co/6I5b7c4DsY 关于 Site Isolation,Chromium 的有专门文档介绍: https://www.chromium.org/developers/design-documents/site-isolation "
-
[ Crypto ] My #OPCDE talk slides "15 ways to break #RSA #security": https://speakerdeck.com/rlifchitz/15-ways-to-break-rsa-security cc @ iotcert @ opcde #crypto #cryptography #attacks enjoy :)
"15 ways to break RSA security: https://t.co/tBYJ9MgV4m "
-
[ Industry News ] Hackers exploited Word flaw for months while Microsoft investigated : http://www.reuters.com/article/us-microsoft-cyber-idUSKBN17S32G
"前几周刚刚修复的 Office Word CVE-2017-0199 高危漏洞,从爱达荷州立大学一名毕业生报告到修复花了 6 个月时间,而攻击者在微软 "修复中" 的过程中就开始发起攻击了︰ https://t.co/MY11xdp2JS"
-
[ Industry News ] German car industry plans to close OBD interface http://www.eenewsautomotive.com/news/german-car-industry-plans-close-obd-interface
"德国汽车行业计划一步步地禁用汽车的 OBD 调试接口: https://t.co/77khjlTpis"
-
[ IoTDevice ] nice table summarizing IoT protocols: http://glowlabs.co/wireless-protocols/
"IoT 设备无线协议对照表︰ https://t.co/evVU0Udwc5"
-
[ Linux ] 10 vulnerabilities patched in Ubuntu. at least 5 of them were found by syzkaller (@dvyukov and @andreyknvl ) https://t.co/5kSemaHPUv
"Ubuntu 16.04 LTS 发布漏洞公告,修复了 10 个漏洞: https://t.co/5kSemaHPUv"
-
[ Others ] [Technical Advisory] Command Injection & CSRF in #Quantenna Chip Affecting Multiple Networking Devices https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/april/technical-advisory-quentanna/
"Quantenna 多款网络设备(包括智能 WiFi 路由器)的 Web 管理接口存在一个 CSRF 漏洞,利用这个漏洞可以实现命令注入: https://t.co/853VP1uefR "
-
[ Pentest ] Detecting Lateral Movements in Windows Infrastructure http://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf #Windows #PenTest #CyberSecurity… https://t.co/pTaX3L5cSD
"检测 Windows 架构中的横向渗透攻击,来自欧洲 CERT: http://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf "
-
[ Programming ] Linux Programming – Signals the easy way : https://www.stev.org/post/linuxprogrammingsignalstheeasyway
" Linux 编程中的信号量讲解︰ https://t.co/CfORxYE7I5"
-
[ SecurityReport ] We track > 100 threat actors & sophisticated malicious ops targeting comm & gov organizations in ~ 80 countries https://t.co/0ZHF8mhARa #APT
"Kaspersky 实验室出的 2017年第一季度 APT 趋势报告,数据来自他们对超过一百个攻击组织的追踪,被攻击的商业组织和政府部门遍布 80 多个国家: https://t.co/0ZHF8mhARa "
-
[ Tools ] Execute Infra PenTest engagements faster! http://goo.gl/PLuejR Automated Scripts for Information gathering, Vulnerability analysis, etc.
"Pentest-Scripts - 常用的渗透测试脚本收集: https://t.co/o8kDu21rRd "
-
[ Tools ] .@ OWASP #iOS mobile security testing with Frida tutorial. UnCrackable1 w/ @ fridadotre https://www.nowsecure.com/blog/2017/04/27/owasp-ios-crackme-tutorial-frida/ cc @ muellerberndt
"如何用 Frida 破解 OWASP 移动安全测试 CrackMe 赛题 : https://t.co/PquAtAU1Ew "
-
[ Tools ] InfectPE - Inject custom code into PE file : https://github.com/secrary/InfectPE , Windows x86 binary : https://github.com/secrary/InfectPE/releases
"InfectPE - 向 PE 文件中注入自定义 Shellcode 的工具,仅支持32位可执行文件: https://github.com/secrary/InfectPE"
-
[ Tools ] Leviathan Framework : wide range mass audit toolkit : https://github.com/leviathan-framework/leviathan cc @ utku1337 || @ ozgebarbaros
"leviathan - 大型安全审计工具包,支持大范围的服务探测、暴力破解、SQL注入检测以及运行自定义漏洞利用模块︰ https://t.co/6LMO6BuE8t "
-
[ Tools ] Introducing GitPitch – Markdown Presentations for Devs on GitHub and GitLab : https://github.com/gitpitch/gitpitch
"GitPitch - 一个以幻灯片方式快速呈现 Git Repo 的工具,仅需要添加一个 PITCHME.md 文件 : https://t.co/7ZD6vrTNIX"
-
[ Vulnerability ] Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix http://blog.talosintelligence.com/2017/04/zabbix-multiple-vulns.html
" Zabbix 网络监控系统被发现了两个漏洞,一个 Zabbix Proxy API 远程代码执行(CVE-2017-2824)和一个 Zabbix Proxy SQL 数据库写漏洞(CVE-2017-2825): https://t.co/9XJ0lyHObx "
-
[ Vulnerability ] StringBleed : SNMP authentication bypass https://stringbleed.github.io/# // CVE 2017-5135
" Stringbleed - SNMP v1/v2 被爆存在一个严重的认证绕过漏洞(CVE-2017-5135),甚至可以获得完全的远程读写权限: https://t.co/cO7uqFs6d1 "
