腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Hardware ] meltdown 漏洞的 arm 平台的 poc: https://github.com/lgeek/spec_poc_arm
-
[ Others ] 使用 PowerShell 诊断脚本执行命令并绕过 AppLocker: https://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts/
-
[ ReverseEngineering ] 数据库逆向系列工程文章 Part 2: https://medium.com/@MorteNoir/database-reverse-engineering-part-2-main-approaches-ae9355b2d429
-
[ Tools ] Decodify - 自动判断编码方式并解码的工具: https://github.com/UltimateHackers/Decodify
-
[ Tools ] Nintendo Switch Binary loader for IDA Pro 7.0 : https://github.com/pgarba/SwitchIDAProLoader
-
[ Tools ] fuxploider - 文件上传漏洞扫描和利用工具: https://github.com/almandin/fuxploider
-
[ Tools ] GHOSTHOOK - 通过基于处理器追踪的钩子绕过 PATCHGUARD 内核保护: https://www.cyberark.com/threat-research-blog/ghosthook-bypassing-patchguard-processor-trace-based-hooking/
-
-
-
-
[ IoTDevice ] 对华为HG532远程命令执行漏洞的新探索: http://xlab.tencent.com/cn/2018/01/05/a-new-way-to-exploit-cve-2017-17215/
-
[ MalwareAnalysis ] Google Play 从市场中下架了 22 个包含恶意 "LightsOut" 的应用程序: https://threatpost.com/google-play-removes-22-malicious-lightsout-apps-from-marketplace/129328/
-
[ SecurityReport ] Cisco Talos 发布12月29日至1月5日的威胁总结报告: http://blog.talosintelligence.com/2018/01/threat-round-up-1229-0105.html