每日安全动态推送(09-10)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• [Fuzzing] Fuzzing JavaScript Engines with Fuzzilli · Doyensec's Blog:
https://blog.doyensec.com/2020/09/09/fuzzilli-jerryscript.html

   ・ Fuzzing JavaScript Engines with Fuzzilli – Jett


• [Conference] FuzzCon Europe 2020 - Fuzz Your Software:
https://www.youtube.com/playlist?list=PLI0R_0_8-TV4JArtdlgnuPtgXALZxAYqu

   ・ FuzzCon Europe 2020 会议的视频 – Jett


• [Malware] Coming Out of Your Shell: From Shlayer to ZShlayer | SentinelOne:
https://s1.ai/zshlayer

   ・ 从Shlayer到ZShlayer,概述macos恶意软件的发展 – Schwarrzz


• [Tools] Risky Rules:
https://github.com/mrrothe/py365

   ・ 用于扫描检测Office365的脚本集合 – Schwarrzz


• [Windows] Windows Projected File System - NTFS symlink mitigation bypass:
https://docs.google.com/document/d/13ZGDSa4eLRA-Uyhxi52t6U_zb2XXJcBEsEzNUcj7V2o/edit?usp=sharing

   ・ Windows Projected File System NTFS symlink mitigation bypass – Jett


• [Tools] PEzor: powerful tool for bypassing AV solutions • Penetration Testing:
https://securityonline.info/pezor-powerful-tool-for-bypassing-av-solutions/

   ・ PEzor - 一款开源的 PE 文件加壳工具,绕过杀软检测 – Jett


• [Tools] .NET Memory Performance Analysis:
https://github.com/Maoni0/mem-doc/blob/master/doc/.NETMemoryPerformanceAnalysis.md

   ・ .NET内存性能分析 – Schwarrzz


• 给SIM卡上PIN、锁屏不显示通知详情后,你就安全了吗?:
https://zhuanlan.zhihu.com/p/231106722?utm_source=wechat_session

   ・ 研究员 Atum 对另一条推送中手机被盗资金被窃事件的技术分析与思考 – Jett


• [Tools] GitHub - intelowlproject/IntelOwl: Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale:
https://github.com/intelowlproject/IntelOwl

   ・ Intel Owl - 批量收集 IP、文件、域名情报信息的工具 – Jett


• [Windows] Pwning Windows Event Logging with YARA rules:
https://labs.jumpsec.com/2020/09/04/pwning-windows-event-logging-with-yara-rules/

   ・ 使用YARA规则进行Windows事件日志记录 – Schwarrzz


• 一部手机失窃而揭露的窃取个人信息实现资金盗取的黑色产业链:
https://mp.weixin.qq.com/s/3UeZzw2LmPsM3cU7Rhmb8w

   ・ 一部手机失窃而揭露的窃取个人信息实现资金盗取的黑色产业链 – Jett


• Exploiting VLAN Double Tagging:
https://notsosecure.com/exploiting-vlan-double-tagging/

   ・ 利用VLAN双重标记安全漏洞探讨。 – lanying37


• [Linux] Linux System Call Table:
https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md

   ・ Linux系统调用表。 – lanying37


• [Tools] Application Security Knowledgebase:
https://ishaqmohammed.me/posts/application-security-knowledgebase/

   ・ Application Security Knowledgebase – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: