每日安全动态推送(11-15)
腾讯安全玄武实验室
2021-11-15
投诉
阅读数:7654
[
Malware
] Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux:
https://thehackernews.com/2021/11/abcbot-new-evolving-wormable-botnet.html
・ 奇虎 360 的 Netlab 安全团队的研究人员发现名为“Abcbot”新型僵尸网络恶意软件,该恶意软件对Linux存在安全威胁。 –
lanying37
[
Pentest
] GitOops!:
https://github.com/ovotech/gitoops
・ GitOops - 滥用 CI/CD pipelines 检测 GitHub organizations 横向渗透 –
Jett
[
Tools
] BPF Performance Tools (Book):
https://www.brendangregg.com/bpf-performance-tools-book.html
・ BPF 性能工具推荐书籍。 –
lanying37
[PDF] https://zerodayengineering.com/projects/slides/ZDE2021_AdvancedSimplePwn2Own2021.pdf:
https://zerodayengineering.com/projects/slides/ZDE2021_AdvancedSimplePwn2Own2021.pdf
・ Pwn2Own 2021 比赛 Alisa Esage 所使用的 Parallels Desktop 漏洞的分析 –
Jett
A Peek into Top-Level Domains and Cybercrime:
https://bit.ly/3n3GtjV
・ 探索顶级域安全性研究. –
lanying37
[
Browser
] Exploiting CSP in Webkit to Break Authentication & Authorization:
https://threatnix.io/blog/exploiting-csp-in-webkit-to-break-authentication-authorization/
・ Exploiting CSP in Webkit to Break Authentication & Authorization –
Jett
[
iOS
] exploit writeup:
https://github.com/houjingyi233/macOS-iOS-system-security
・ macOS/iOS 安全方向的漏洞分析文章整理 –
Jett
[
Android
] [PDF] https://i.blackhat.com/EU-21/Wednesday/EU-21-Jin-The-Art-of-Exploiting-UAF-by-Ret2bpf-in-Android-Kernel.pdf:
https://i.blackhat.com/EU-21/Wednesday/EU-21-Jin-The-Art-of-Exploiting-UAF-by-Ret2bpf-in-Android-Kernel.pdf
・ The Art of Exploiting UAF by Ret2bpf in Android Kernel –
Jett
[
Android
] Presentations/Sincon2021.MobileAppHardeningRE.pdf:
https://github.com/su-vikas/Presentations/blob/main/Sincon2021.MobileAppHardeningRE.pdf
・ 移动安全对抗之 App 加固 –
Jett
[
Tools
] horsicq/Detect-It-Easy:
https://github.com/horsicq/Detect-It-Easy
・ 文件类型识别工具 –
Jett
Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology:
https://thalium.github.io/blog/posts/fuzzing-microsoft-rdp-client-using-virtual-channels/
・ Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology –
Jett
国家拟建立数据分类分级保护制度:
https://news.sina.com.cn/gov/2021-11-15/doc-iktzscyy5579466.shtml
・ 国家网信办发布关于《网络数据安全管理条例(征求意见稿)》公开征求意见的通知 –
Jett
Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing:
https://www.usenix.org/conference/usenixsecurity22/presentation/scharnowski
・ Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing(Paper) –
Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 微信公众号: 腾讯玄武实验室
关注作者,阅读全文
c
还有50%的精彩内容,作者设置为仅对粉丝可见
腾讯安全玄武实验室
http://xlab.tencent.com
+
关注
转发 1
评论
4
快速开通微博
你可以查看更多内容,还可以评论、转发微博。
Ú