Tencent Security Xuanwu Lab Daily News
• Panasonic discloses data breach after network hack:
https://www.bleepingcomputer.com/news/security/panasonic-discloses-data-breach-after-network-hack/
・ 日本松下发表声明称本月 11 号发生网络攻击,攻击者已经访问了其文件服务器的数据
– Jett
• A Genetic Binary Trait Lexer Library and Utility:
https://github.com/c3rb3ru5d3d53c/binlex
・ 从恶意软件中提取基本块和函数特征用于识别和检测的工具
– Jett
• Deceive the Heavens to Cross the sea:
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
・ 有研究发现,过去 4 个月中,有攻击者通过 Google Play 分发恶意软件感染超过 30 万设备
– Jett
• LinuxFlaw:
https://github.com/mudongliang/LinuxFlaw
・ Linux 平台的漏洞 PoC、Writeup 收集
– Jett
• What does APT Activity Look Like on macOS?:
https://themittenmac.com/what-does-apt-activity-look-like-on-macos/?utm_source=rss&utm_medium=rss&utm_campaign=what-does-apt-activity-look-like-on-macos
・ What does APT Activity Look Like on macOS
– Jett
• GHSL-2021-076: Arbitrary command execution in Gerapy – CVE-2021-32849:
https://securitylab.github.com/advisories/GHSL-2021-076-gerapy/
・ 开源分布式爬虫管理系统 Gerapy 被发现任意命令执行漏洞
– Jett
• README.md:
https://github.com/alipay/Owfuzz
・ owfuzz – WiFi protocol fuzzing tool using openwifi
– Jett
• Linux 与 XNU 的 KPTI 实现解读:
http://paper.seebug.org/1770/
・ Linux 与 XNU 的 KPTI 实现解读
– Jett
• [PDF] http://www.blackstormsecurity.com/docs/BHACK_2021_ALEXANDREBORGES.pdf:
http://www.blackstormsecurity.com/docs/BHACK_2021_ALEXANDREBORGES.pdf
・ Go 二进制程序的逆向分析
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(11-30)