每日安全动态推送(11-25)

Admin 腾讯玄武实验室 2016-11-25

Xuanwu Lab Security Daily News


  • Matthew Green @matthew_d_green

    [ Android ]  I wrote up some thoughts on what I view as the limitations of Android N's new device encryption: https://t.co/MSma9g8gPP

    " Android N 加密的局限性︰ https://t.co/MSma9g8gPP"


  • Binni Shah @binitamshah

    [ Attack ]  Practical Phishing Automation with PhishLulz : https://t.co/MMGhDIfZ3p (Slides) cc @antisnatchor

    "利用自动化钓鱼框架 PhishLulz 进行钓鱼实战,来自  KiwiCon 2016 大会议题: http://t.cn/RfCknwo "


  • Zerodium @Zerodium

    [ Industry News ]  We expand our Android #0day acquisitions (RCE or LPE) from the usual Samsung/Google/Sony to other devices: Huawei, Lenovo, Xiaomi, Oppo, HTC

    "Zerodium 开始收购国产 Android 手机 0day,包括:  华为、 联想、 小米、 Oppo、 HTC"


  • Aditya Gupta @adi1391

    [ IoTDevice ]  Get started with Zigbee security analysis and setting up a vulnerable Zigbee lab with this blog post - https://t.co/sTWVTpwcyg

    "Zigbee 的安全性与 IoT 设备的漏洞利用: http://t.cn/RfCknwm"


  • Nicolas Krassas @Dinosn

    [ Linux ]  Linux Kernel 2.6.32-642 / 3.16.0-4 'inode' Integer Overflow PoC https://t.co/12dC50qXMk

    "Linux Kernel 2.6.32-642 / 3.16.0-4 'inode' 整数溢出漏洞 PoC :http://t.cn/RfCknws"


  • Binni Shah @binitamshah

    [ Linux ]  Wget < 1.18 Access List Bypass / Race Condition Vuln. Exploit : https://t.co/sdzDcW997m

    "GNU Wget < 1.18 条件竞争漏洞(含 PoC)︰ http://t.cn/RfCknA5"


  • hyp @hyp_h5p

    [ Linux ]  Possible Integer Overflow in Kernel Linux - IPV4 - ip_tunnel.chttps://t.co/Tm0If0tU0Y https://t.co/w3midmwOEj #kernel #linux #infosec

    "Kernel Linux - IPV4 - ip_tunnel.c Integer Overflow:http://t.cn/RfCknA8  http://t.cn/RfCknAi "


  • Raj Samani @Raj_Samani

    [ Malware ]  Gatak #malware "In 62% of incidents, lateral movement across the victim’s network occurs within 2hrs of infection,” https://t.co/Br2UhOjL6t

    "医疗行业成为 Gatak 木马主要目标: https://t.co/Br2UhOjL6t"


  • Nicolas Krassas @Dinosn

    [ Others ]  Command Injection/Elevation – Environment Variables Revisited https://t.co/EuC8MXUYZ6

    "代码注入/提权 – 再谈环境变量: http://t.cn/RfCknAD"


  • Ulf Frisk @UlfFrisk

    [ Others ]  KASLRfinder writeup: Windows 10 KASLR recovery with TSX https://t.co/wfEO6V4kiM

    "利用 TSX 突破 Windows 10 KASLR : http://t.cn/RfCkn4q"


  • Binni Shah @binitamshah

    [ Others ]  Derandomizing latest Windows 10 Kernel (CVE-2016-7255 exploit): https://t.co/MVdEfTEib7 ,Slides : https://t.co/hnaOWHg2WK cc @kiqueNissim

    "利用 CVE-2016-7255 攻破 Windows 10 Kernel ASL︰http://t.cn/RfCkn46 ,此利用来自 ZeroNights 2016 大会议题:I Know Where Your Page Lives - De-Randomizing the Latest Windows 10 Kernel(slides)︰ http://t.cn/RfCkn49 "


  • Binni Shah @binitamshah

    [ Tools ]  FRIEND - Flexible Register/Instruction Extender aNd Documentation : https://t.co/hNVY8kQ35B cc @getorix https://t.co/bbozelo4Xy

    "FRIEND -- 一个灵巧的寄存器/指令文档 IDA 插件:https://github.com/alexhude/FRIEND"


  • Duncan Ogilvie @mrexodia

    [ Tools ]  unlinker - A program for extracting functions from a PE file for later reuse https://t.co/G8Ssn1Ntu6

    "unlinker --  rip functions out of Visual C++ compiled binaries and produce Visual C++ COFF object files: http://t.cn/RfCknx7 "


  • x64dbg @x64dbg

    [ Tools ]  xAnalyzer Reviewed by @yunietps https://t.co/IeReQJ6VuA #x64dbg #blog #infosec

    "x64dbg xAnalyzer Reviewed: http://t.cn/RfCknx5 "



本站仅按申请收录文章,版权归原作者所有
如若侵权,请联系本站删除
觉得不错,分享给更多人看到
腾讯玄武实验室 热门文章:

BadTunnel:跨网段劫持广播协议    阅读/点赞 : 3386/54

安全动态推送春节合辑(上)    阅读/点赞 : 449/5

每日安全动态推送(02-21)    阅读/点赞 : 392/4

每日安全动态推送(03-13)    阅读/点赞 : 390/6

每日安全动态推送(09-19)    阅读/点赞 : 380/4

每日安全动态推送(10-11)    阅读/点赞 : 378/4

每日安全动态推送(06-20)    阅读/点赞 : 368/6

每日安全动态推送(10-19)    阅读/点赞 : 344/4

每日安全动态推送(11-25)    阅读/点赞 : 331/4

每日安全动态推送(07-18)    阅读/点赞 : 320/4

腾讯玄武实验室 微信二维码

腾讯玄武实验室 微信二维码

数据

阅读 331
点赞 4
更新 11月27日 0:19