• TSRC,腾讯安全的先头兵,肩负腾讯公司安全漏洞、黑客入侵的发现和处理工作;

  • 这是个没有硝烟的战场,我们与两万多名安全专家并肩而行,捍卫全球亿万用户的信息、财产安全;

  • 一直以来,我们怀揣感恩之心,努力构建开放的TSRC交流平台,回馈安全社区;

  • 未来,我们将继续携手安全行业精英,探索互联网安全新方向,建设互联网生态安全,共铸“互联网+”新时代。

ID Company Product Date Type VID Details
Nicky Microsoft Cortana 2018-07-15 Android App RCE - Microsoft Security
Wenxiang Qian / libcivetweb 2018-06-22 Out-of-Bounds CVE-2018-12684 CVE ORG
Wenxiang Qian / libcivetweb 2018-06-22 Information Leak CVE-2018-12685 CVE ORG
Wenxiang Qian / libcivetweb 2018-06-22 Remote Code Execution CVE-2018-12686 CVE ORG
Nicky & Xbalien XiaoMi MI AI Speaker 2018-06-08 Remote Command Execute - XiaoMi Security
riusksk Google TensorFlow 2018-06-01 Out-of-bounds Read CVE-2018-7574 Google Security
riusksk Google TensorFlow 2018-06-01 Null Pointer Dereference CVE-2018-7576 Google Security
Bo Zhang Google TensorFlow 2018-06-01 Out-of-bounds Read CVE-2018-8825 Google Security
Bo Zhang Google TensorFlow 2018-06-01 Out-of-bounds Read CVE-2018-7575 Google Security
Bo Zhang Google TensorFlow 2018-06-01 memcpy-param-overlap CVE-2018-7577 Google Security
Bo Zhang Google TensorFlow 2018-06-01 heap buffer overflow CVE-2018-10055 Google Security
Bo Zhang Google Android 2018-05-25 Out-of-Bounds CVE-2017-15853 Android Security
Peter Pi Qualcomm Android 2018-05-11 Elevation of Privilege CVE-2018-3571 Qualcomm Security
Peter Pi Qualcomm Android 2018-05-11 Elevation of Privilege CVE-2018-3572 Qualcomm Security
Peter Pi Qualcomm Android 2018-04-25 Elevation of Privilege CVE-2018-3563 Qualcomm Security
Zhiyang Zeng Apple iMessage 2018-04-24 UI spoofing CVE-2018-4187 Apple Security
saiy TOPThink ThinkPHP 2018-04-10 SQL Injection -
Peter Pi Google Android 2018-04-05 Information Leak CVE-2018-9421 Android Security
Peter Pi Google Android 2018-04-05 Information Leak CVE-2018-9420 Android Security
Peter Pi Google Android 2018-04-05 Information Leak CVE-2018-9345 Android Security
Peter Pi Google Android 2018-04-05 Information Leak CVE-2018-9346 Android Security
Zhiyang Zeng Apple Safari 2018-03-29 UI spoofing CVE-2018-4134 Apple Security
Peter Pi Qualcomm Android 2018-03-29 Elevation of Privilege CVE-2017-15829 Qualcomm Security
Peter Pi Qualcomm Android 2018-03-29 Elevation of Privilege CVE-2017-15820 Qualcomm Security
Peter Pi Qualcomm Android 2018-03-29 Elevation of Privilege CVE-2017-14886 Qualcomm Security
Peter Pi Google Android 2018-03-06 Elevation of Privilege CVE-2017-13269 Android Security
ZhangBo Google Android 2018-03-06 Elevation of Privilege CVE-2017-18069 Android Security
Xiling Gong Google Android 2018-02-05 Elevation of Privilege CVE-2017-15852 Android Security
ZhangBo Google Android 2018-02-05 Elevation of Privilege CVE-2015-9016 Android Security
Peter Pi Qualcomm Android 2018-01-26 Elevation of Privilege CVE-2017-14873 Qualcomm Security
Wolfu Google Android 2018-01-05 Elevation of Privilege CVE-2017-13219 Android Security
Wolfu Google Android 2018-01-05 Elevation of Privilege CVE-2017-13207 Android Security
Peter Pi Qualcomm Android 2017-12-14 Elevation of Privilege CVE-2017-11031 Qualcomm Security
riusksk Adobe Acrobat Pro DC 2017-11-15 Memory Corruption CVE-2017-11293 Adobe Security
riusksk Adobe Acrobat Pro DC 2017-11-15 Memory Corruption CVE-2017-16408 Adobe Security
riusksk Adobe Acrobat Pro DC 2017-11-15 Memory Corruption CVE-2017-16409 Adobe Security
riusksk Adobe Acrobat Pro DC 2017-11-15 Memory Corruption CVE-2017-16410 Adobe Security
riusksk Adobe Acrobat Pro DC 2017-11-15 Memory Corruption CVE-2017-16411 Adobe Security
riusksk Adobe Acrobat Pro DC 2017-11-15 Memory Corruption CVE-2017-16399 Adobe Security
riusksk Adobe Acrobat Pro DC 2017-11-15 Memory Corruption CVE-2017-16395 Adobe Security
riusksk Adobe Acrobat Pro DC 2017-11-15 Memory Corruption CVE-2017-16394 Adobe Security
riusksk Adobe Adobe Digital Editions 2017-11-15 Memory Corruption CVE-2017-11301 Adobe Security
Bo Zhang Google Android 2017-11-07 Elevation of Privilege CVE-2017-11600 Android Security
Peter Pi Google Android 2017-11-07 Elevation of Privilege CVE-2017-11091 Android Security
Xiling Gong Google Android 2017-11-07 Elevation of Privilege CVE-2017-9690 Android Security
Wolfu Google Android 2017-11-07 Elevation of Privilege CVE-2017-0863 Android Security
Wolfu Google Android 2017-11-07 Elevation of Privilege CVE-2017-11073 Android Security
Wolfu Google Android 2017-11-07 Elevation of Privilege CVE-2017-11093 Android Security
Zhiyang Zeng Apple Safari 2017-11-01 URL Spoofing CVE-2017-13790 Apple Security
Peter Pi Google Android 2017-10-03 Elevation of Privilege CVE-2017-11046 Android Security
Wolfu Google Android 2017-10-03 Elevation of Privilege CVE-2017-11050 Android Security
Wolfu Google Android 2017-10-03 Elevation of Privilege CVE-2017-11051 Android Security
Wolfu Google Android 2017-10-03 Elevation of Privilege CVE-2017-11067 Android Security
riusksk Apple Xcode 2017-09-20 Memory Corruption CVE-2017-7076 Apple Security
riusksk Apple Xcode 2017-09-20 Memory Corruption CVE-2017-7134 Apple Security
riusksk Apple Xcode 2017-09-20 Memory Corruption CVE-2017-7135 Apple Security
riusksk Apple Xcode 2017-09-20 Memory Corruption CVE-2017-7136 Apple Security
riusksk Apple Xcode 2017-09-20 Memory Corruption CVE-2017-7137 Apple Security
Bo Zhang Red Hat Linux kernel 2017-09-07 Denial of Service CVE-2017-12153 Redhat Security
riusksk Adobe Acrobat Reader 2017-08-09 Memory Corruption CVE-2017-3016 Adobe Security
riusksk Adobe Adobe Digital Editions 2017-08-09 Memory Corruption CVE-2017-11280 Adobe Security
riusksk Apple macOS 2017-07-20 Out-of-Bounds CVE-2017-7015 Apple Security
riusksk Apple macOS 2017-07-20 Out-of-Bounds CVE-2017-7016 Apple Security
riusksk Apple macOS 2017-07-20 Stack Overflow CVE-2017-7033 Apple Security
Zhiyang Zeng Apple Safari 2017-07-20 Memory Corruption CVE-2017-7019 Apple Security
Xiling Gong Google Android 2017-07-06 Information Disclosure CVE-2017-0708 Android Security
Xbalien Google Android 2017-07-06 Elevation of privilege CVE-2017-0704 Android Security
Xbalien Google Android 2017-07-06 Information Disclosure CVE-2017-0669 Android Security
Xiling Gong Google Chrome 2017-06-16 Out-of-Bounds CVE-2017-5088 Chrome Security
riusksk Adobe Adobe Digital Editions 2017-06-14 Out-of-Bounds CVE-2017-3093 Adobe Security
riusksk Adobe Adobe Digital Editions 2017-06-14 Stack Overflow CVE-2017-3094 Adobe Security
riusksk Adobe Adobe Digital Editions 2017-06-14 Stack Overflow CVE-2017-3095 Adobe Security
riusksk Adobe Adobe Digital Editions 2017-06-14 Memory Corruption CVE-2017-3096 Adobe Security
Zhiyang Zeng Google Chrome 2017-06-05 Logical Vulnerability CVE-2017-5085 Chrome Security
Xiling Gong Google Android 2017-06-05 Elevation of privilege CVE-2017-8236 Android Security
Zhiyang Zeng & Yuyang Zhou Apple Safari 2017-05-16 URL Spoofing CVE-2017-2500 Apple Security
Zhiyang Zeng Apple Safari 2017-05-16 URL Spoofing CVE-2017-2511 Apple Security
Xiling Gong Google Android 2017-05-05 Elevation of privilege CVE-2017-0597 Android Security
riusksk Adobe Acrobat Reader 2017-04-12 Out-of-Bounds CVE-2017-3040 Adobe Security
riusksk Adobe Acrobat Reader 2017-04-12 Memory Corruption CVE-2017-3039 Adobe Security
kimyok Adobe Acrobat Reader 2017-04-12 Memory Corruption CVE-2017-3017 Adobe Security
kimyok Adobe Acrobat Reader 2017-04-12 Memory Corruption CVE-2017-3018 Adobe Security
kimyok Adobe Acrobat Reader 2017-04-12 Memory Corruption CVE-2017-3024 Adobe Security
kimyok Adobe Acrobat Reader 2017-04-12 Memory Corruption CVE-2017-3025 Adobe Security
kimyok Adobe Acrobat Reader 2017-04-12 Memory Corruption CVE-2017-3065 Adobe Security
Zhiyang Zeng / MyBB 2017-04-04 XSS CVE-2017-8103 CVE ORG
Zhiyang Zeng / MyBB 2017-04-04 Directory Traversal CVE-2017-8104 CVE ORG
riusksk Apple macOS/iOS 2017-03-28 Heap Overflow CVE-2017-2379 Apple Security
riusksk Apple macOS/iOS 2017-03-28 Denial of Service CVE-2017-2417 Apple Security
riusksk Apple macOS/iOS 2017-03-28 Out-of-Bounds CVE-2017-2487 Apple Security
riusksk Apple macOS/iOS 2017-03-28 Memory Corruption CVE-2017-2406 Apple Security
riusksk Apple macOS/iOS 2017-03-28 Memory Corruption CVE-2017-2407 Apple Security
kimyok Apple macOS 2017-03-28 Memory Corruption CVE-2017-2431 Apple Security
kimyok Apple macOS 2017-03-28 Double Free CVE-2017-2435 Apple Security
Yuyang Zhou Apple Safari 2017-03-28 URL Spoofing CVE-2017-2376 Apple Security
深夜饮酒 Apple Safari 2017-03-28 spoofing CVE-2017-2389 Apple Security
Nicky Huawei EMUI 2017-03-23 Bluetooth Unlock Bypassing CVE-2017-2728 Security Advisories
zhaohuan Apple mfi.apple.com 2017-03-07 Server Configuration - Apple Security
zhaohuan Apple developer.apple.com 2017-03-07 Server Configuration - Apple Security
zhaohuan Apple ara.apple.com 2017-03-07 Server Configuration - Apple Security
riusksk Foxit Foxit Reader 2017-03-02 Memory Corruption CVE-2017-5989 Security Bulletins
Nicky Huawei EMUI 2017-02-23 Remote Code Execution CVE-2017-2699 Security Advisories
riusksk Adobe Acrobat Reader 2017-02-16 Heap Overflow CVE-2017-2959 Adobe Security
Peter Pi Qualcomm Android 2017-02-16 Elevation of Privilege CVE-2018-11047 Qualcomm Security
Peter Pi Qualcomm Android 2017-02-16 Elevation of Privilege CVE-2018-15826 Qualcomm Security
Nicky LineCorp Line 2017-01-13 Cross Site Script / HallofFame
Xbalien Google Android 2017-01-04 Elevation of Privilege CVE-2017-0395 Android Security
riusksk / libarchive 2016-12-29 Use After Free CVE-2016-10080 CVE ORG
kimyok / libwebp 2016-12-16 Memory Corruption CVE-2016-9969 CVE ORG
riusksk Apple macOS/iOS 2016-12-14 Out-of-Bounds CVE-2016-7595 Apple Security
riusksk Apple macOS/iOS 2016-12-14 Out-of-Bounds CVE-2016-4691 Apple Security
riusksk Apple macOS 2016-12-14 Memory Corruption CVE-2016-7618 Apple Security
riusksk Apple macOS 2016-12-14 Memory Corruption CVE-2016-7622 Apple Security
riusksk / giflib 2016-12-13 Out-of-Bounds CVE-2016-9944 CVE ORG
riusksk / OpenJPEG 2016-12-07 Memory Corruption CVE-2016-9890 CVE ORG
Xbalien Google Android 2016-12-06 Elevation of Privilege CVE-2016-6771 Android Security
riusksk / libxml2 2016-12-05 Out-of-Bounds CVE-2016-9833 CVE ORG
kimyok Google pdfium 2016-12-04 Out-of-Bounds CVE-2016-9805 CVE ORG
riusksk / OpenJPEG 2016-12-01 Memory Corruption CVE-2016-9753 CVE ORG
kimyok Google VRCore 2016-11-30 Auth Bypass / Google VRP
kimyok Google syncadapters 2016-11-19 Auth Bypass / Google VRP
Nicky / ExponentCMS 2016-11-11 SQL Injection CVE-2016-9272 Github Issue
askyshang Google Android 2016-11-01 Denial of service CVE-2016-6713 Android Security
riusksk Apple Mac OS X 2016-09-21 Memory Corruption CVE-2016-4779 HT207170
riusksk Apple Xcode 2016-09-14 Memory Corruption CVE-2016-4705 HT207140
Yuyang Zhou Google Chrome 2016-08-21 Scheme bypass CVE-2016-5193 Google Security
Yuyang Zhou Mozilla Firefox 2016-08-04 same-origin policy bypass CVE-2016-5291 Mozilla Security
深夜饮酒 Google Chrome 2016-07-21 Content-Security-Policy bypass CVE-2016-5135 Chrome Security
Xiling Gong Google Android 2016-07-07 Elevation of privilege CVE-2016-3745 Android Security
Xiling Gong Google Android 2016-06-06 Information Disclosure CVE-2016-2499 Android Security
Nicky Lenovo ShareIt 2016-05-19 UXSS CVE-2016-4783 LEN-6421
Nicky Lenovo ShareIt 2016-05-19 Intent Scheme URL attack CVE-2016-4782 LEN-6421
riusksk / libgd 2016-05-01 Double Free CVE-2016-4413 libgd bug 208
Nicky / dotCMS 2016-04-12 SQL Injection CVE-2016-2355 dotCMS SI-35
riusksk / libav 2016-03-18 Memory Corruption CVE-2016-3184 libav bug 930
riusksk Yahoo WebMail 2016-03-18 XSS / Hackerone
riusksk / libav 2016-03-11 Memory Corruption CVE-2016-3062 libav bug 929
riusksk Adobe Flash Player 2016-03-11 Memory Corruption CVE-2016-0992 APSB16-08
Do9gy / Cacti 2016-03-07 SQL Injection CVE-2016-3172 Cacti 0002667
zhaohuan / JiveSoftware 2016-02-03 Directory Traversal CVE-2016-2534 EDB-ID 39405
riusksk / libtiff 2015-12-28 Heap Overflow CVE-2015-8668 Redhat Bug 129425
Do9gy / phpMyAdmin 2015-12-25 Info Leak CVE-2015-8669 PMASA-2015-6
riusksk && monster Lakala Lakala POS 2015-10-24 Access Control Weakness / GeekPwn2015
riusksk Suning ifPay 2015-10-24 Remote Code Execution / GeekPwn2015
zhuliang iBoxPay iBoxPay POS 2015-10-24 Access Control Weakness / GeekPwn2015
nicky ChangDi Changdi Smart Oven 2015-10-24 Authentication Bypass / GeekPwn2015
Gmxp DJI Phantom Drone 2015-10-24 Authentication Bypass / GeekPwn2015
Gmxp Apple XcodeGhost 2015-09-12 Backdoor / TSRC Blog
monster Yeahka Yeahka POS 2014-12-23 Access Control Weakness / GeekPwn2014
riusksk Konke Konke Smart Plug 2014-10-24 Authentication Bypass / GeekPwn2014
monster Baidu iermu Camera 2014-10-24 Authentication Bypass / GeekPwn2014
Gmxp Sciener Sciener Smart Door Lock 2014-10-24 Info Leak & Authentication Bypass / GeekPwn2014
zhaohuan Ebay WebSite 2014-06-10 Remote Code Execution / Ebay
zhaohuan Yahoo WebSite 2014-04-01 Remote Code Execution / Hackerone
zhaohuan Evernote WebSite 2014-04-01 Remote Code Execution / Evernote
dragonltx Apple QuickTime Player 2014-02-25 Heap Overflow CVE-2014-1249 HT202932
riusksk Alibaba WebSite 2014-01-11 Multiple Dom XSS / ASRC
riusksk NetEase WebSite 2013-07-17 Multiple Remote Code Execution / NSRC
riusksk Baidu WebSite 2013-07-17 Multiple Remote Code Execution / BSRC
riusksk Baidu WebSite 2013-07-03 Multiple SQL Injection / BSRC
riusksk Microsoft DirectShow 2013-02-12 Heap Overflow CVE-2013-0077 MS13-011
zhaohuan PayPal WebSite 2013-02-11 Multiple XSS / Paypal
riusksk NetEase WebSite 2013-01-17 Multiple Dom XSS / NSRC
xti9er && chouqiu / phpMyAdmin && SourceForge 2012-09-25 Backdoor CVE-2012-5159 PMASA-2012-5 SourceForge blog
zhaohuan Microsoft WebSite 2012-01-01 SQL Injection && XSS / Microsoft
lake2 Adobe Flash Player 2011-01-01 Cross-domain Policy Bypass CVE-2011-2458 APSB11-28
lake2 Adobe Flash Player 2009-07-30 Heap Overflow CVE-2009-1862 APSB09-10

腾讯安全应急响应中心(TSRC)认为腾讯安全的发展离不开广大互联网企业、安全公司以及民间安全社团的大力支持与协助,我们愿意同这些机构进行更加深入的交流和资源共享。更多位置虚位以待。

腾讯安全应急响应中心长期面向社会招聘安全开发,安全运营人员,工作地点均在深圳。腾讯提供业界具有竞争力的薪酬水平、海量用户对个人技能意志的磨练、庞大体系对合作共赢的追求,是您挑战巅峰、实现自我的不二选择。

  • 安全开发工程师

    负责安全检测系统相关的架构设计和后台开发。

    负责安全防护系统相关的架构设计和后台开发。

  • 网络安全工程师

    负责对DDoS攻击与防护技术跟踪、深入研究、并指导、改进现有安全产品。

    参与公司网络安全体系设计及建设。

  • 安全分析运营工程师

    结合大数据,对攻击、入侵、漏洞、终端等安全风险现状、趋势做深入分析;对相关的风险情况做有效梳理展现。

    负责制定相关数据运营分析平台方案。

  • 大数据研发工程师

    负责基于腾讯的海量数据,建立相应的威胁分析实时后台系统。(Hadoop、Pentaho、Storm)

  • 终端开发工程师

    负责终端安全组件的架构设计、代码开发工作。跟进Android安全技术的发展,解决开发过程中的关键问题和技术难题。

    协助开发经理保证开发工作的质量和进度。

  • 终端安全工程师

    终端安全漏洞研究。

    腾讯终端产品安全漏洞挖掘。

  • 移动安全高级研究员

    负责对Android、Linux进行系统级研究。

    负责系统漏洞保护,包括现有漏洞和潜在的漏洞风险。

    负责产品漏洞分析,并给出修正方案。

如有意向,请将您的简历发送到 security@tencent.com,邮件标题中请注明【简历】。