每日安全动态推送(08-28)

admin 腾讯玄武实验室 2019-08-28


Tencent Security Xuanwu Lab Daily News


• 开源蜜罐测评报告 - FreeBuf互联网安全新媒体平台: 
https://www.freebuf.com/articles/paper/207739.html

   ・ 数据库、Web、服务等类型开源蜜罐项目的测评 – Jett


• [Tools] LO! An LLVM Obfuscator: 
https://media.ccc.de/v/Camp2019-10299-lo_an_llvm_obfuscator

   ・ CCC CAMP 2019 会议上有研究者发布了一款基于 LLVM 的代码混淆工具 – Jett


• Hack the Hacker – Fuzzing Mimikatz On Windows With WinAFL & Heatmaps (0day): 
https://sec-consult.com/en/blog/2017/09/hack-the-hacker-fuzzing-mimikatz-on-windows-with-winafl-heatmaps-0day/

   ・ 用WinAFL Fuzz Windows Binary的实践分享,新颖之处是作者利用了内存访问的热图来精简输入种子大小 – LW


• [Fuzzing] google/fuzzing: 
https://github.com/google/fuzzing

   ・ Google 建了一个 Fuzzing Repo,用来放 Fuzzing 相关的文档、教程等资源 – Jett


• PicoDMA: DMA Attacks At Your Fingertips: 
https://speakerdeck.com/jsandin/picodma-dma-attacks-at-your-fingertips

   ・ PicoDMA - 指尖的 DMA 攻击工具 – Jett


• [Tools] Verifpal: 
https://verifpal.com/

   ・ Verifpal - 利用符号化的形式验证方法检验加密协议安全性的工具 – Jett


• [Malware] [PDF] https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/baldr-vs-the-world.pdf: 
https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/baldr-vs-the-world.pdf

   ・ Sophos 对 Baldr 密码窃取程序的分析报告 – Jett


• [PDF] https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Nicolas-Oberli-Poking-the-S-in-SD-cards.PDF: 
https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Nicolas-Oberli-Poking-the-S-in-SD-cards.PDF

   ・ SD 卡以及 SD卡通信协议相关的安全性研究,来自 DEFCON – Jett


• [Android] Malicious App on Google Play Tallies 100 Million Downloads: 
https://threatpost.com/malicious-app-tallies-100-million-downloads/147748/

   ・ Google Play 市场的 OCR 软件 CamScanner 被发现下载加密恶意代码 – Jett


• Lojack’d: Pwning Smart vehicle trackers: 
https://www.pentestpartners.com/security-blog/lojackd-pwning-smart-vehicle-trackers/

   ・ 车辆跟踪系统 LoJack 的认证系统 API 存在漏洞,可以被利用实现实时跟踪汽车 – Jett


* 查看或搜索历史推送内容请访问: 
https://sec.today

* 新浪微博账号: 腾讯玄武实验室 
https://weibo.com/xuanwulab

    已同步到看一看

    发送中

    本站仅按申请收录文章,版权归原作者所有
    如若侵权,请联系本站删除
    觉得不错,分享给更多人看到
    腾讯玄武实验室 热门文章:

    BadTunnel:跨网段劫持广播协议    阅读/点赞 : 3386/54

    安全动态推送春节合辑(上)    阅读/点赞 : 449/5

    每日安全动态推送(02-21)    阅读/点赞 : 392/4

    每日安全动态推送(03-13)    阅读/点赞 : 390/6

    每日安全动态推送(09-19)    阅读/点赞 : 380/4

    每日安全动态推送(10-11)    阅读/点赞 : 378/4

    每日安全动态推送(06-20)    阅读/点赞 : 368/6

    每日安全动态推送(10-19)    阅读/点赞 : 344/4

    每日安全动态推送(11-25)    阅读/点赞 : 331/4

    每日安全动态推送(07-18)    阅读/点赞 : 320/4

    腾讯玄武实验室 微信二维码

    腾讯玄武实验室 微信二维码