腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
Previous
2019/02/13
Next
[�Detect�]��如何检测 BloodHound: https://www.stuffithoughtiknew.com/2019/02/detecting-bloodhound.html
[�Firmware�]��使用非法操作码对 x86 CPU 进行指纹识别: https://x86.lol/generic/2019/02/08/fingerprint.html
[�IoTDevice�]��MikroTik RouterOS 漏洞挖掘技术分享: https://medium.com/tenable-techblog/make-it-rain-with-mikrotik-c90705459bc6
[�Linux�]��Ubuntu Linux dirty_sock 本地提权漏洞利用: https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
[�Malware�]��SGX-ROP – 使用 Intel SGX 的 Enclave 恶意软件,paper: https://arxiv.org/abs/1902.03256� PoC: https://github.com/sgxrop/sgxrop
[�Malware�]��在冗余的�x86�指令编码中隐藏数据: http://x86.lol/2019/02/12/steganography.html
[�Pentest�]��漏洞赏金中 XXE 盲打并使用 DNS 外带信息的实际案例视频讲解: https://www.youtube.com/watch?v=f3SXDBMGGb8
[�Pentest�]��在不知道 MySQL 列名的情况下泄露数据的 SQL 注入技巧: https://blog.redforce.io/sqli-extracting-data-without-knowing-columns-names/
[�SecurityAdvisory�]��Microsoft 发布 2019 年 2 月安全更新: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573� 致谢信息: https://portal.msrc.microsoft.com/en-us/security-guidance/acknowledgments
[�Tools�]��IoTSecurity101 – IoT 安全方向优秀资源索引: https://github.com/V33RU/IoTSecurity101
[�Tools�]��CookieMonster – 从浏览器提取凭证和 cookie 的工具(目前仅支持��Chrome): https://github.com/rasta-mouse/CookieMonster
[�Tools�]��mesos – Windows 下的二进制代码覆盖调试工具: https://github.com/gamozolabs/mesos
[�Tools�]��CompareCoverage� – 用于跟踪 C/C++ 中变量和缓冲区的实时变化并保存的工具: https://github.com/googleprojectzero/CompareCoverage
[�Tools�]��idenLib – 识别库函数的工具集: https://github.com/secrary/idenLib
[�Tools�]��使用 Windows Defender ATP 检查 RubberDucky 及邪恶鼠标等硬件攻击: https://medium.com/@maarten.goet/defending-against-weaponized-hardware-windows-defender-atp-microsoft-intune-to-the-rescue-80aba28067fe
[�Virtualization�]��runc 容器逃逸漏洞(CVE-2019-5736)及利用介绍 : 1) https://www.exploit-db.com/exploits/463592) https://github.com/feexd/pocs3) https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
[�Vulnerability�]���macOS Mojave 曝安全漏洞可访问受限目录,恶意软件可监控 Safari 访问历史: https://thehackernews.com/2019/02/macos-mojave-privacy-hack.html
[�Vulnerability�]��YouTube Studio 两处漏洞详情披露: https://www.linkedin.com/pulse/hacking-youtube-fun-profit-alexandru-coltuneac/
[�Pentest�]��白帽子黑客训练 Part 6 – 后渗透: https://www.prismacsi.com/en/6-post-exploitation/
[�Virtualization�]��关于多租户容器间安全隔离的思考: https://blog.jessfraz.com/post/secret-design-docs-multi-tenant-orchestrator/
Previous
2019/02/13
Next