Tencent Security Xuanwu Lab Daily News
• GitHub - darvincisec/AntiDebugandMemoryDump: Anti-Debug and Anti-Memory Dump for Android:
https://github.com/darvincisec/AntiDebugandMemoryDump
・ AntiDebugandMemoryDump - Anti-Debug and Anti-Memory Dump for Android
– Jett
• [Android] Android Penetration Testing: APK Reversing (Part 2):
https://www.hackingarticles.in/android-penetration-testing-apk-reversing-part-2/
・ Android penetration testing: APK reversing tutorial (Part 2).
– lanying37
• Genetics of a Modern IoT Attack - CUJO AI:
https://cujo.com/genetics-of-a-modern-iot-attack/
・ Analysis of the malware attack model on IoT platforms
– Jett
• Ubuntu Security Notice USN-4737-1:
https://packetstormsecurity.com/files/161456
・ Ubuntu Security Notice USN-4737-1: Bind9 vulnerability discovered (CVE-2020-8625).
– lanying37
• [Tools] [PDF] https://www.cs.purdue.edu/homes/zhan3299/res/SP21a.pdf:
https://www.cs.purdue.edu/homes/zhan3299/res/SP21a.pdf
・ OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary
– Jett
• [PDF] https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf:
https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf
・ Tracking users via the browser's favicon cache
– Jett
• Brave Browser leaks your Tor / Onion service requests through DNS.:
https://ramble.pw/f/privacy/2387
・ A user found that the Brave browser leaks all of the user's Tor and Onion requests through DNS requests
– Jett
• Zero Day Initiative — ZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID Tag:
https://bit.ly/3k1eWfS
・ ZDI-21-171: Getting information disclosure in Adobe Reader by exploiting the ID tag.
– lanying37
• [Tools] One thousand and one ways to copy your shellcode to memory (VBA Macros) - Adepts of 0xCC:
https://adepts.of0x.cc/alternatives-copy-shellcode/
・ How to copy shellcode into an RWX memory region from VBA macro functions
– Jett
• An In-Depth Analysis of the JavaScript Compiler/Interpreter Engine QuickJS - Getting to Know the JavaScript Language Better · Dai Ming's Blog - 星光社:
https://ming1016.github.io/2021/02/21/deeply-analyse-quickjs/
・ An in-depth analysis of the JavaScript compiler/interpreter engine QuickJS
– Jett
• [Tools] BishopFox/GadgetProbe:
https://github.com/BishopFox/GadgetProbe
・ GadgetProbe - a tool for probing gadgets for Java deserialization vulnerabilities
– Jett
• _xeroxz / bluepill · GitLab:
https://githacks.org/_xeroxz/bluepill
・ Bluepill - Type-2 Intel Hypervisor For Windows 10 Systems
– Jett
• [Tools, Wireless] MilenageTest:
https://github.com/jimtangshfx/MilenageTest
・ MilenageTest - a tool for verifying that the 3G/4G/5G authentication procedure is correct
– Jett
* To view or search past pushes, visit:
https://sec.today
* Sina Weibo account: 腾讯玄武实验室 (Tencent Xuanwu Lab)
https://weibo.com/xuanwulab
This article was first published on the WeChat official account 腾讯玄武实验室 (Tencent Xuanwu Lab): Daily Security News Push (02-22)