Tencent Security Xuanwu Lab Daily News

• [Tools, Windows] clong/DetectionLab:
https://github.com/clong/DetectionLab

   ・ DetectionLab - 一套自动化构建 Windows 域环境并安装安全检测相关组件的工具 – Jett

• Easy Hypervisor Heap Visualization with PyPANDA and HeapInspect:
https://www.lukecraig.com/pypanda_heap_inspect/

   ・ Easy Hypervisor Heap Visualization with PyPANDA and HeapInspect – Jett

• GitHub - platomav/BIOSUtilities: Various BIOS Utilities for Modding/Research:
https://github.com/platomav/BIOSUtilities#vaio-packaging-manager-extractor

   ・ 有研究员公开了一个解析并提取 Dell PFS BIOS 固件的工具 – Jett

• New protections for Enhanced Safe Browsing users in Chrome:
http://feedproxy.google.com/~r/GoogleOnlineSecurityBlog/~3/-aonhXBJuDM/new-protections-for-enhanced-safe.html

   ・ Chrome 浏览器将通过机器学习模型的方式检测扩展的安全性 – Jett

• XSS in the AWS Console:
https://frichetten.com/blog/xss_in_aws_console/

   ・ XSS in the AWS Console  – Jett

• Documentation:
https://deps.dev/

   ・ Open Source Insights - Google 开源了可以展示多个开源组件依赖关系的工具，目前已支持 go/cargo/npm 等市场的开源组件 – Jett

• SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor:
https://research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoor/

   ・ SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor。来自 Checkpoint 的 Blog – Jett

• [macOS, iOS] CVE-2021-30724: CVMServer Vulnerability in macOS and iOS:
https://www.trendmicro.com/en_us/research/21/f/CVE-2021-30724_CVMServer_Vulnerability_in_macOS_and_iOS.html

   ・ CVE-2021-30724: CVMServer Vulnerability in macOS and iOS – Jett

• CVE-2021–22201: Arbitrary file read on Gitlab:
https://tradahacking.vn/cve-2021-22201-arbitrary-file-read-on-gitlab-d84d77cd83e3

   ・ Gitlab 任意文件读漏洞分析（CVE-2021–22201） – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab