腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Exploiting the unexploitable with lesser known browser tricks : https://speakerdeck.com/filedescriptor/exploiting-the-unexploitable-with-lesser-known-browser-tricks (Slides) cc @ filedescriptor
" 利用鲜为人知的浏览器小技巧实现 X-Frame-Options 相关 Web 漏洞的利用 ,来自Appsec EU 2017: https://speakerdeck.com/filedescriptor/exploiting-the-unexploitable-with-lesser-known-browser-tricks "
-
[ Conference ] Blackhat Asia Slides: https://www.blackhat.com/asia-17/briefings.html
" Blackhat Asia Slides: https://www.blackhat.com/asia-17/briefings.html "
-
[ iOS ] [ PAPER ] Hacking iOS Applications - detailed testing guide | https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf #reversing #iOS
" Securiy Innovation 发布的一份非常详细的《Hacking iOS Applications》: https://web.securityinnovation.com/hubfs/iOS%20Hacking%20Guide.pdf "
-
[ Popular Software ] Vulnerability Spotlight: Hangul Word Processor Remote Code Execution Vulnerability http://dlvr.it/P7FRmp
" Cisco Talos 的研究员发现一款韩文处理软件 Hangul Word Processor 存在远程代码执行漏洞(CVE-2017-2819): http://blog.talosintelligence.com/2017/05/vulnerability-spotlight-hangul-word.html?utm_source=dlvr.it&utm_medium=twitter&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos+Blog%29 分析: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0320 "
-
[ Tools ] Open source QuickSand.io Document Malware analysis tool updated with some safety and performance enhancements https://github.com/tylabs/quicksand_lite/releases/tag/01.01.002
" quicksand_lite - 分析可疑恶意文档的工具,可以识别不同编码下的 exploits 以及提取嵌入文档中的可执行文件: https://github.com/tylabs/quicksand_lite "
-
[ Tools ] Pulsar network fuzzer with automatic protocol learning and simulation capabilites by @ hgascon https://github.com/hgascon/pulsar
" pulsar - 可自动化学习协议并模拟协议通信的网络 Fuzzing 工具: https://github.com/hgascon/pulsar "
-
[ Tools ] JavaScript Reversed TCP Meterpreter Stager https://github.com/Cn33liz/JSMeter/blob/master/JSMeter.js x86/x64 Compatible Stager (Native, No Shellcode) @ TheColonial @ tiraniddo
" TCP Meterpreter Stager 的 JavaScript 版本: https://github.com/Cn33liz/JSMeter "
-
[ Web Security ] The slides for our (@kkotowicz, @sirdarckcat and my) talk about breaking XSS mitigations from @AppSecEU: https://t.co/qonErsWFMM #ROPXSS
" 通过 Script Gadgets 绕过常用 XSS 缓解技术,来自 AppSecEU 2017: http://sebastian-lekies.de/slides/appsec2017.pdf "