腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Conference ] CCC SHA2017 会议的视频资料公开了: https://berlin.ftp.media.ccc.de/events/SHA2017/h264-sd/
-
[ Others ] 几款主流语言的密码学安全伪随机数生成器(CSPRNG)的安全性研究: https://www.slideshare.net/a_z_e_t/lecture-because-use-urandom-isnt-everything-a-deep-dive-into-csprngs-in-operating-systems-programming-languages
-
[ Tools ] NSA 利用 XKeyscore 间谍工具嗅探高级目标计算机上报的 Windows WER(错误报告)信息: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html
-
[ Tools ] Hackazon - Rapid7 开源的 Web 漏洞练习框架,类似 Hacksys 的 HEVD: https://github.com/rapid7/hackazon
-
[ iOS ] iOS 越狱开发者 Siguza 和 tihmstar 今日正式发布了 iOS 9.3.5 不完美越狱: http://www.cnbeta.com/articles/tech/638919.htm
-
[ Popular Software ] Supervisord远程命令执行漏洞(CVE-2017-11610): https://www.leavesongs.com/PENETRATION/supervisord-RCE-CVE-2017-11610.html
-
[ Tools ] IPAPatch : 又一款无需越狱向第三方app注入代码的工具,支持lldb调试和链接扩展框架。 来自 riusksk's weibo: http://weibo.com/1963193953/FfXiQE7eN?ref=home&rid=13_0_8_2676188092028197808