腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Chrome ASAN Beta 61.0.3163.79 ScriptProcessorHandler::FireProcessEvent UAF 漏洞(CVE-2017-5129): https://bugs.chromium.org/p/chromium/issues/detail?id=765495
-
[ Conference ] CCS 2017 大会所有 paper 放出: https://acmccs.github.io/fullsessions/
-
[ Data Breach ] 美国快时尚品牌 Forever21 承认其客户信用卡数据泄漏,目前泄漏的用户数量不明 : https://threatpost.com/forever-21-says-pos-systems-exposed-customer-data-for-8-months/129271/
-
[ Exploit ] ropchain:ASLR + DEP + stack canaries 绕过: http://www.kvakil.me/posts/ropchain/
-
[ Industry News ] phpMyAdmin 被爆存在 CSRF 漏洞,可允许攻击者‘帮’你删表删数据: http://securityaffairs.co/wordpress/67243/hacking/phpmyadmin-csrf-vulnerability.html
-
[ Industry News ] Inter 处理器芯片设计缺陷迫使 Windows 和 Linux 重新设计内核以解决此芯片级安全问题: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
-
[ macOS ] MacOS 本地提权漏洞给予攻击者 root 访问权限: https://threatpost.com/macos-lpe-exploit-gives-attackers-root-access/129282/
-
[ Pentest ] 渗透测试中的拒绝服务攻击 Part 1: http://www.hackingarticles.in/dos-penetration-testing-part-1/Part 2: http://www.hackingarticles.in/dos-attack-penetration-testing-part-2/
-
[ Pentest ] Command and Control - Images,在图片中隐藏命令和 Payload 实现 C&C 控制: https://pentestlab.blog/2018/01/02/command-and-control-images/
-
[ Popular Software ] VMware 发布了 3 个关于 vSphere Data Protection(VDP)的重要补丁(CVE-2017-15548, CVE-2017-15549, CVE-2017-15550): https://threatpost.com/vmware-issues-3-critical-patches-for-vsphere-data-protection/129277/
-
[ Popular Software ] 在 Microsoft Word 的图像链接中进行 UNC路径注入: https://blog.netspi.com/microsoft-word-unc-path-injection-image-linking/
-
[ Popular Software ] Working With Sysmon Configurations Like a Pro Through Better Tooling,Sysmon 使用技巧: https://posts.specterops.io/working-with-sysmon-configurations-like-a-pro-through-better-tooling-be7ad7f99a47
-
[ SCADA ] 攻击工业控制系统网关,来自 CCC 大会: https://media.ccc.de/v/34c3-8956-scada_-_gateway_to_s_hell
-
[ SecurityAdvisory ] Android 2018 年 1 月安全公告发布: https://source.android.com/security/bulletin/2018-01-01
-
[ SecurityReport ] 微软 Today in Technology 系列之 2018 十大技术问题聚焦: https://ncmedia.azureedge.net/ncmedia/2018/01/TopTen2018.pdf
-
[ Tools ] XSS 速查表: https://brutelogic.com.br/blog/cheat-sheet/
-
[ Tools ] exploit_me - ARM 应用程序漏洞示例: https://github.com/bkerler/exploit_me
-
[ Tools ] awesome-appsec - 应用安全方向优秀学习资源集合: https://github.com/paragonie/awesome-appsec
-
[ Tools ] wifiphisher - 自动化 WiFi 钓鱼工具: https://github.com/wifiphisher/wifiphisher
-
[ Tools ] Sysmon v7 发布: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
-
[ Tools ] bugbountyguide - Bug 赏金计划和 Bug 赏金猎人指南: https://github.com/EdOverflow/bugbountyguide
-
[ Windows ] Windows Defender ATP 服务器端点配置: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection
-
[ MalwareAnalysis ] Trustlook labs 近日发现一个针对韩语使用者的木马: https://blog.trustlook.com/2018/01/02/trojan-utilizes-customized-communication-packets-to-target-korean-speaking-users/
-
-