Author: Guannan Wang, Guancheng Li of Tencent Security Xuanwu [...]
一月 25, 2024
虚假的安全:五大Android厂商自带隐私保护应用脆弱性分析及漏洞利用
Author: Xiangqian Zhang, Huiming Liu of Tencent Security Xuanwu [...]
七月 8, 2021
Domain Borrowing: 一种基于CDN的新型隐蔽通信方法
作者:腾讯安全玄武实验室 dlive, saltCDN(Content Delivery Network) 是云服务厂商提供的一种Web内容加速分发服务。
七月 8, 2021
深入分析Adobe忽略了6年的PDF漏洞
本文详细分析了 Adobe Acrobat Reader / Pro DC 中近期修复的安全漏洞 CVE-2019-8014 。有趣的是,Adobe 在六年前修复了一个类似的漏洞 CVE-2013-2729 ,正是由于对该漏洞的修复不够完善,才使得 CVE-2019-8014 [...]
六月 21, 2021
全网筛查 WinRAR 代码执行漏洞 (CVE-2018-20250)
作者:lywang, dannyweiWinRAR 作为最流行的解压缩软件,支持多种压缩格式的压缩和解压缩功能。今天,Check Point公司的安全研究员 Nadav Grossman 公开了他在 WinRAR 中发现的一系列漏洞。其中以 ACE [...]
六月 21, 2021
从一起“盗币”事件看以太坊存储 hash 碰撞问题
Author : Kai Song(exp-sky)、hearmen、salt、sekaiwu of Tencent Security Xuanwu Lab十一月六日,我们观察到以太坊上出现了这样一份合约,经调查发现是某区块链安全厂商发布的一份让大家来“盗币”的合约。
六月 21, 2021
来自微信外挂的安全风险
玄武实验室联合独立安全研究员 em 发现在 Mac OS 上用户量比较大的两款微信防撤回外挂存在安全问题,装了此外挂的用户只要在浏览器里访问攻击者页面并停留一分钟左右,攻击者即可拿到该用户的好友列表,聊天记录,甚至以该用户的身份给好友发送消息,对用户的信息安全造成巨大威胁。
六月 21, 2021
利用恶意页面攻击本地Xdebug
TL;DR
PHP开发者以及一些安全研究人员经常会在本地搭建一个基于Xdebug的PHP的调试服务,在大部分配置情况下,Xdebug采用HTTP请求头中的X-Forwarded-For字段作为DBGp协议的回连地址。受害者浏览攻击页面一段时间,攻击者可利用DNS [...]
六月 21, 2021
对华为HG532远程命令执行漏洞的新探索
2017年11月27日Check Point 公司报告了一个华为 HG532 系列路由器的远程命令执行漏洞,漏洞编号为CVE-2017-17215。利用该漏洞,向路由器UPnP服务监听的37215端口发送一个特殊构造的 HTTP [...]
六月 21, 2021
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
We Have Moved!
To better serve our readers, we have moved from GitHub static page to a standalone website.You can now star or full-text search archived contents!
二月 19, 2019
XuanwuLab Security Daily News Push – 2019-01-29
Tencent Xuanwu Lab Security Daily News[�Attack�] ��攻击 Helm 在 Kubernetes [...]
一月 29, 2019
XuanwuLab Security Daily News Push – 2019-01-29
Tencent Xuanwu Lab Security Daily News[ Attack ] 攻击 Helm 在 Kubernetes 上的默认安装: [...]
一月 29, 2019
XuanwuLab Security Daily News Push – 2019-01-28
Tencent Xuanwu Lab Security Daily News[ Defend ] 在 Linux 内核中是如何减少 C [...]
一月 28, 2019
XuanwuLab Security Daily News Push – 2019-01-27
Tencent Xuanwu Lab Security Daily News[ Vulnerability ] 链接多个 URL [...]
一月 27, 2019
XuanwuLab Security Daily News Push – 2019-01-26
Tencent Xuanwu Lab Security Daily News[ Firmware ] 使用 IDA 分析 ARM [...]
一月 26, 2019
XuanwuLab Security Daily News Push – 2019-01-25
Tencent Xuanwu Lab Security Daily News[ Attack ] 如何通过 vim [...]
一月 25, 2019