记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

每日安全动态推送(01-12)

2021-01-12 14:07
Tencent Security Xuanwu Lab Daily News


• How I stole the data in millions of people’s Google accounts | by Ethan Elshyeb | Jan, 2021 | Medium:
https://ethanblake4.medium.com/how-i-stole-the-data-in-millions-of-peoples-google-accounts-aa1b72dcc075

   ・ How I stole the data in millions of people’s Google accounts – Jett


• Hyper-V debugging for beginners. 2nd edition.:
https://hvinternals.blogspot.com/2021/01/hyper-v-debugging-for-beginners-2nd.html

   ・ Hyper-V debugging for beginners. 2nd edition – Jett


• [macOS, iOS] CVE-2020-9971 Abusing XPC Service mechanism to elevate privilege in macOS/iOS:
https://xlab.tencent.com/en/2021/01/11/cve-2020-9971-abusing-xpc-service-to-elevate-privilege/

   ・ CVE-2020-9971 Abusing XPC Service mechanism to elevate privilege in macOS/iOS,滥用 XPC Service 机制漏洞实现特权提升,影响 macOS/iOS,来自玄武实验室 Zhipeng Huo 的分析 – Jett


• Keep newly created IDBIndex objects in deleted map when IDBTransaction is aborted:
https://git.webkit.org/?p=WebKit-https.git;a=commit;h=3af4373c82d85ce272fa0f7657523a904dac427c

   ・ WebKit IDBIndex UAF 漏洞 Issue – Jett


• Sunburst backdoor – code overlaps with Kazuar:
https://securelist.com/sunburst-backdoor-kazuar/99981/

   ・ Sunburst backdoor – code overlaps with Kazuar – Jett


• Exploiting OAuth: Redirect_URI. OAuth/Open Authentication: | by Gupta Bless | Jan, 2021 | Medium:
https://gupta-bless.medium.com/exploiting-oauth-redirect-uri-3e27de6d7a70

   ・ Exploiting OAuth: Redirect_URI – Jett


• Real World CTF 2020 Game2048 Writeup | r3kapig:
https://r3kapig.com/writeup/20210111-rwctf-game2048/

   ・ Real World CTF 2020 Game2048 Writeup – Jett


• Malware Development: Leveraging Beacon Object Files for Remote Process Injection via Thread Hijacking | Home:
https://connormcgarr.github.io/thread-hijacking/

   ・ Malware Development: Leveraging Beacon Object Files for Remote Process Injection via Thread Hijacking – Jett


• BORG :一个快速进化的僵尸网络:
https://security.tencent.com/index.php/blog/msg/175

   ・ BORG :一个快速进化的僵尸网络 – Jett


• SolarWinds Hack Potentially Linked to Turla APT:
https://threatpost.com/solarwinds-hack-linked-turla-apt/162918/

   ・ SolarWinds 供应链攻击事件被怀疑与俄罗斯 Turla APT 组织有关 – Jett


• EMOTET: a State-Machine reversing exercise:
https://github.com/cecio/EMOTET-2020-Reversing

   ・ EMOTET:通过电子邮件传播方式对其溯源。 – lanying37


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab



知识来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651957181&idx=1&sn=592f939cce47a0d9300233708633580f

阅读:59307 | 评论:0 | 标签:安全

想收藏或者和大家分享这篇好文章→复制链接地址

“每日安全动态推送(01-12)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

永久免费持续更新精选优质黑客技术文章Hackdig,帮你成为掌握黑客技术的英雄

求赞助求支持·广告位💖

标签云