* Nicolas Krassas @Dinosn
[ Android ] Hash Suite Droid (Hash Suite for Android). Free and Open Source. https://t.co/iDcWe1Qg8C
"Hash Suite for Android: http://t.cn/RM1rBLi"
* Francisco Alonso @revskills
[ Conference ] Pwn2Own 2017 rules https://t.co/XYmw5Guzq8
"Pwn2Own 2017 大赛规则: http://t.cn/RM1rBLF"
* Philipp Jovanovic @Daeinar
[ Crypto ] NSA publishes key recovery attacks on AES-GCM-SIV: https://t.co/RfGeWipRzr
"AES GCM SIV analysis︰ http://t.cn/RM1rBpN"
* Lukas Stefanko @LukasStefanko
[ IoTDevice ] Nice blog about Hacking Smart Bulbs #IoT #BLE #Exploit https://t.co/gxGLBNsROe https://t.co/imu87lQp9B
"Hacking 智能电灯: http://t.cn/RM1rByi "
* Nicolas Krassas @Dinosn
[ MalwareAnalysis ] New Mac backdoor using antiquated code https://t.co/Tb2tY0mhHW
"新 Mac 恶意软件分析: http://t.cn/RM1rB9e"
* KevinLu @K3vinLuSec
[ MalwareAnalysis ] My new blog: Android Locker Malware uses Google Cloud Messaging Service https://t.co/h3lXXqTe8I @ FortiGuardLabs
"针对利用谷歌云消息服务的 Android Locker 恶意软件分析 http://t.cn/RMmnmAl "
* Binary Defense @Binary_Defense
[ MalwareAnalysis ] New Blog: Dangers of Embedded LNK Files by @ JaredDeMott https://t.co/cHSuruJA95 #BinaryDefense
"Office 文档中存在的嵌入式 LNK 文件危险: http://t.cn/RM1rBCj "
* TrendLabs @TrendLabs
[ MalwareAnalysis ] New post: Uncovering the Inner Workings of EyePyramid https://t.co/YR7JIGiar8 @ TrendMicro
"解密 EyePyramid 恶意软件,来自 TrendMicro: http://t.cn/RM1rBNh"
[ Mobile ] New post: In Review: 2016’s Mobile Threat Landscape Brings Diversity, Scale, and Scope https://t.co/QEXCesVqzH @ TrendMicro
"回顾 2016 年移动安全: http://t.cn/RM1rBpA "
* Tavis Ormandy @taviso
[ Popular Software ] I took a quick look at the extension. There was an easy privileged javascript code execution bug. Sigh.… https://t.co/bjFU3ADp4w
"最近 Adobe Acrobat 强制安装的 Chrome 扩展存在 XSS 漏洞: https://bugs.chromium.org/p/project-zero/issues/detail?id=1088"
* Hossein Lotfi @hosselot
[ Popular Software ] Details of Microsoft Word OneTableDocumentStream vulnerability (CVE-2016-7290): https://t.co/zvcxq6vlXu
"Microsoft Word OneTableDocumentStream 内存下溢漏洞分析 (CVE-2016-7290)︰ http://t.cn/RIbPFaY"
[ Tools ] JudasDNS - Nameserver DNS poisoning attacks made easy https://t.co/vJOXIyJP0x
"JudasDNS -- DNS 投毒工具: http://t.cn/RM1rBOP"
[ Vulnerability ] Analysis of ISC BIND TKEY Query Response Handling DoS (CVE-2016-9131) https://t.co/34WHVcwwLm
"分析 BIND TKEY 查询响应时存在的 DOS 漏洞(CVE-2016-9131): http://t.cn/RM1rBOi"
* hyp @hyp_h5p
[ Vulnerability ] NIce !!!! Happy new year PHP php-gettext: Arbitrary code execution https://t.co/pvpiFJFH50 #InfoSec #PHP #web
"PHP php-gettext 库的 select_string 函数存在任意代码执行漏洞: http://t.cn/RM1rBWv "
* Kafeine @kafeine
[ Vulnerability ] A look at EITest and its newly added "Chrome Font" Social Engineering scheme https://t.co/bWIEoDjyYA https://t.co/Tcmd5whMtK
"针对 Chrome 用户字体的社会工程学攻击计划: http://t.cn/RM1rBWX"
[ Web Security ] Practical JSONP Injection https://t.co/QqFLCFnhbG
"JSONP 注入实战: http://t.cn/RM1rrPU"
* karttoon @noottrak
[ Windows ] New personal blog - "Abusing native Windows functions for shellcode execution", included a tool to gen the VBA code https://t.co/TGD93YNN8b
"利用 Windows API 中的回调函数执行 Shellcode: https://t.co/TGD93YNN8b"
* Xuanwu Spider via phithon's blog
[ Web Security ] eval长度限制绕过 && PHP5.6新特性: https://www.leavesongs.com/PHP/bypass-eval-length-restrict.html
* Xuanwu Spider via Talos 'S blog
[ Popular Software ] Oracle Outside In Technology 存在多个漏洞: http://blog.talosintel.com/2017/01/oit-multiple-rce.html?utm_source=dlvr.it&utm_medium=twitter&utm_campaign=Feed:+feedburner/Talos+(Talos+Blog)&m=1
* Xuanwu Spider via krebsonsecurity
[ Others ] Mirai 恶意软件作者大追踪: https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
* Xuanwu Spider via project zero
[ Others ] NVIDIA DxgkDdiEscape Handler 存在一个可控指针写漏洞: https://bugs.chromium.org/p/project-zero/issues/detail?id=911
* 搜索历史推送,请用 Google 以 site 关键词限定搜索,如: site:xuanwulab.github.io android fuzz
* 按天查看历史推送内容: https://xuanwulab.github.io/cn/secnews/2017/01/19/index.html
* 微信公众号: 腾讯玄武实验室
+关注
快速开通微博你可以查看更多内容,还可以评论、转发微博。
