Tencent Security Xuanwu Lab Daily News
• [Fuzzing] Fuzzing JavaScript Engines with Fuzzilli · Doyensec's Blog:
https://blog.doyensec.com/2020/09/09/fuzzilli-jerryscript.html
・ Fuzzing JavaScript Engines with Fuzzilli
– Jett
• [Conference] FuzzCon Europe 2020 - Fuzz Your Software:
https://www.youtube.com/playlist?list=PLI0R_0_8-TV4JArtdlgnuPtgXALZxAYqu
・ Videos from the FuzzCon Europe 2020 conference
– Jett
• [Malware] Coming Out of Your Shell: From Shlayer to ZShlayer | SentinelOne:
https://s1.ai/zshlayer
・ From Shlayer to ZShlayer: an overview of the evolution of macOS malware
– Schwarrzz
• [Tools] Risky Rules:
https://github.com/mrrothe/py365
・ A collection of scripts for scanning and checking Office 365
– Schwarrzz
• [Windows] Windows Projected File System - NTFS symlink mitigation bypass:
https://docs.google.com/document/d/13ZGDSa4eLRA-Uyhxi52t6U_zb2XXJcBEsEzNUcj7V2o/edit?usp=sharing
・ Windows Projected File System NTFS symlink mitigation bypass
– Jett
• [Tools] PEzor: powerful tool for bypassing AV solutions • Penetration Testing:
https://securityonline.info/pezor-powerful-tool-for-bypassing-av-solutions/
・ PEzor - an open-source PE file packer that bypasses antivirus detection
– Jett
• [Tools] .NET Memory Performance Analysis:
https://github.com/Maoni0/mem-doc/blob/master/doc/.NETMemoryPerformanceAnalysis.md
・ .NET memory performance analysis
– Schwarrzz
• Are you safe once you set a SIM PIN and hide notification details on the lock screen?:
https://zhuanlan.zhihu.com/p/231106722?utm_source=wechat_session
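・ Researcher Atum's technical analysis of and reflections on the incident, covered in another item of this digest, in which a phone was stolen and funds were drained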
– Jett
• [Tools] GitHub - intelowlproject/IntelOwl: Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale:
https://github.com/intelowlproject/IntelOwl
・ Intel Owl - a tool for collecting intelligence on IPs, files and domains in bulk
– Jett
• [Windows] Pwning Windows Event Logging with YARA rules:
https://labs.jumpsec.com/2020/09/04/pwning-windows-event-logging-with-yara-rules/
・ Using YARA rules for Windows event logging
– Schwarrzz
• A stolen phone exposes an underground industry chain that steals personal information to drain funds:
https://mp.weixin.qq.com/s/3UeZzw2LmPsM3cU7Rhmb8w
・ A stolen phone exposes an underground industry chain that steals personal information to drain funds
– Jett
• Exploiting VLAN Double Tagging:
https://notsosecure.com/exploiting-vlan-double-tagging/
・ A discussion of exploiting the VLAN double-tagging security weakness.
– lanying37
• [Linux] Linux System Call Table:
https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md
・ Linux system call table.
– lanying37
• [Tools] Application Security Knowledgebase:
https://ishaqmohammed.me/posts/application-security-knowledgebase/
・ Application Security Knowledgebase
– Jett
* To view or search past digest items, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab