腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Linux ] Linux Kernel 3.x usb-midi Local Privilege Escalation https://cxsecurity.com/issue/WLB-2017050093
" Linux Kernel 3.x usb-midi 本地提权漏洞介绍及 PoC(CVE-2016-2384): https://cxsecurity.com/issue/WLB-2017050093 "
-
[ MachineLearning ] Machine Learning and Cyber Security Resources http://fsecurify.com/machine-learning-and-cyber-security/
" 安全相关的机器学习资料收集: http://fsecurify.com/machine-learning-and-cyber-security/ 另外作者还共享了一些用于机器学习的数据,比如 FTP 等协议日志/恶意样本数据/常用密码/威胁情报 等: http://www.secrepo.com/ "
-
[ Others ] Slides from my “Advanced Social Engineering for Red Teams” talk available here: https://github.com/t3ntman/Conference-Talks @ BSidesDEN #BSidesDEN #BSidesDEN17
" 高级社会工程学技巧(pdf),来自 BSides Denver 2017: https://github.com/t3ntman/Conference-Talks/blob/master/Advanced%20Social%20Engineering%20for%20Red%20Teams.pdf "
-
[ Tools ] awesome-compilers : A curated list of awesome resources on Compilers, Interpreters and Runtimes : https://github.com/aalhour/awesome-compilers
" awesome-compilers - 编译器(Compilers)、解释器(Interpreters )、运行时(Runtimes)相关的一些资料整理: https://github.com/aalhour/awesome-compilers "
-
[ Web Security ] I just published “How to bypass libinjection in many WAF/NGWAF” https://medium.com/p/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f
" 绕过 libinjection 对 SQL 注入的检测: https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f "
-
[ APT ] FireEye 发布了一份新的 APT 报告: APT 32(海莲花)- 全球企业面临的威胁: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
-
[ Fuzzing ] 微软 Build 2017 会议上的一篇视频演讲,How To Fuzz It - Microsoft Security Risk Detection in Practice, Microsoft Security Risk Detection 是微软推出的一个 Fuzzing 测试服务: https://channel9.msdn.com/Events/Build/2017/P4051
-
[ Industry News ] 惠普(HP)发布驱动更新,移除上周推送中提到的 Keylogger,此更新将会通过 Windows Update 渠道分发给用户: https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/