每日安全动态推送(01-04)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• [Tools] E9Patch - A Powerful Static Binary Rewriter:
https://github.com/GJDuck/e9patch

   ・ E9Patch - A Powerful Static Binary Rewriter – Jett


• Watch Application System in Python:
https://github.com/daniel-thompson/wasp-os

   ・ 基于MicroPython的智能手表开发环境手册指南(包括Pine64 PineTime)项目介绍。 – lanying37


• Resources:
https://github.com/ControlThings-io/ct-samples

   ・ 适用于Control Things Platform用户的样本文件与顶级研究项目。 – lanying37


• #HITBCyberWeek D1 LAB - Qiling Framework with IDA Pro - YouTube:
https://www.youtube.com/watch?v=ykUXUZo8fAk&feature=youtu.be

   ・ HITB Cyber Week 会议的视频 “Qiling Framework with IDA Pro” – Jett


• 新型 Golang 蠕虫在服务器上投放 XMRig Miner 病毒:
https://paper.seebug.org/1440/

   ・ 针对新型 Golang 编写蠕虫在服务器上投放 XMRig Miner 病毒分析。 – lanying37


• GitHub - nikic/PHP-Parser: A PHP parser written in PHP:
https://github.com/nikic/PHP-Parser

   ・ PHP-Parser:用PHP编写的PHP解析器来分析代码工作。  – lanying37


• Japanese Aerospace Firm Kawasaki Warns of Data Breach:
https://threatpost.com/japanese-aerospace-firm-kawasaki-warns-of-data-breach/162642/

   ・ 日本航空航天公司川崎官方警告客户数据泄露。 – lanying37


• GitHub - ihebski/DefaultCreds-cheat-sheet: One place for all the default credentials to assist the pentesters during an engagement / A valid dataset for the data scientist:
https://github.com/ihebski/DefaultCreds-cheat-sheet

   ・ 各类 IoT 设备/Web 组件的默认密码收集 – Jett


• SysWhispers2:
https://github.com/jthuraisamy/SysWhispers2

   ・ SysWhispers2 - 通过直接生成 Syscall 的方式绕过 AV/EDR 的检测 – Jett


• exploits:
https://github.com/scannells/exploits

   ・ 研究员 Simon Scannell 公开的几个 Exploits – Jett


• incolumitas.com – Breaking the Google Audio reCAPTCHA with Google's own Speech to Text API:
https://incolumitas.com/2021/01/02/breaking-audio-recaptcha-with-googles-own-speech-to-text-api/

   ・ 利用 Google 的 “Speech to Text” API 绕过自家的语音验证码 – Jett


• Vimb - the Vim-like browser:
https://github.com/fanglingsu/vimb

   ・ Vimb- 一款Vim的web浏览器项目 – lanying37


• Defences against Cobalt Strike:
https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence

   ・ Awesome CobaltStrike Defence 资料整理 – Jett


• Resources:
https://github.com/secdev-01/Interceptor

   ・ 劫持 TLS 流量的 PowerShell 脚本 – Jett


• JavaScriptCore Internals Part II: The LLInt and Baseline JIT:
https://zon8.re/posts/jsc-internals-part2-the-llint-and-baseline-jit/

   ・ JavaScriptCore Internals Part II: The LLInt and Baseline JIT – Jett


• Linux Hardening Guide:
https://madaidans-insecurities.github.io/guides/linux-hardening.html

   ・ Linux 安全加固手册 – Jett


• [Vulnerability] A Modern Exploration of Windows Memory Corruption Exploits - Part I: Stack Overflows:
https://www.forrest-orr.net/post/a-modern-exploration-of-windows-memory-corruption-exploits-part-i-stack-overflows

   ・ 一个普通的栈溢出漏洞在新版本的 Windows 系统中该如何利用 – Jett


• Sign Debugserver:
https://understruction.com/setting-up-ios-debugging

   ・ iOS 越狱调试环境搭建 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(01-04)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: