腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Attack ] SSRF 利用的新角度 - 攻击流行编程语言的 URL Parsers,来自 BlackHat 会议: https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
-
[ Attack ] Friday the 13th: JSON Attacks,来自 BlackHat 会议的演讲,介绍针对 JSON serializers 和 .NET serializers 的攻击: https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf
-
[ Fuzzing ] Evolutionary Kernel Fuzzing,来自 Talos 团队研究员在 BlackHat 会议关于 Windows/Linux 内核 Fuzzing 技术的演讲: https://github.com/richinseattle/EvolutionaryKernelFuzzing/blob/master/slides/Evolutionary%20Kernel%20Fuzzing-BH2017-rjohnson-FINAL.pdf
-
[ Mobile ] Defeating Samsung KNOX with zero privilege,来自科恩实验室 Di Shen 在 BlackHat 会议关于三星 KNOX 的演讲: https://www.blackhat.com/docs/us-17/thursday/us-17-Shen-Defeating-Samsung-KNOX-With-Zero-Privilege.pdf
-
[ Tools ] Intel Management Engine firmware loader plugin for ID: https://github.com/embedi/meloader
-
[ Tools ] sandsifter - 一款 x86 处理器 Fuzz 工具: https://github.com/xoreaxeaxeax/sandsifter
-
[ Tools ] DefPloreX - 用于大规模电子犯罪取证的机器学习工具包: http://blog.trendmicro.com/trendlabs-security-intelligence/defplorex-machine-learning-toolkit-large-scale-ecrime-forensics/