腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Firmware ] Unbox Your Phone - TrustZone 的逆向与漏洞攻击: https://medium.com/taszksec/unbox-your-phone-part-i-331bbf44c30chttps://medium.com/taszksec/unbox-your-phone-part-ii-ae66e779b1d6https://medium.com/taszksec/unbox-your-phone-part-iii-7436ffaff7c7
-
[ Fuzzing ] 使用 WinAFL 来 fuzz Hangul(HWP) AppShield: https://www.sigpwn.io/blog/2018/1/29/using-winafl-to-fuzz-hangul-appshield
-
[ Linux ] Linux boot process 分析: https://opensource.com/article/18/1/analyzing-linux-boot-process
-
[ Popular Software ] 利用 npm 包污染的方法,从你的网站偷信用卡账号和密码: https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
-
[ Tools ] dnscrypt-proxy - 一款 DNS 代理,支持加密的 DNS 协议: https://github.com/jedisct1/dnscrypt-proxy
-
[ Tools ] PHP-Shell-Detector - 由 PHP 编写的识别php/cgi/asp/aspx webshell 的工具: https://github.com/emposha/PHP-Shell-Detector
-
-
-
[ Hardware ] 微软推出了一个例外补丁 KB4078130,用于向用户推送 Intel 修复 Spectre 漏洞的微码补丁: https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
-
[ Industry News ] 联想承认Fingerprint Manager存在漏洞 推荐尽快升级: http://www.cnbeta.com/articles/soft/693451.htm
-
[ Popular Software ] Electron 自定义协议命令注入(CVE-2018-1000006)分析和 Url Scheme 安全考古: https://paper.seebug.org/515/
-