
Daily Security News Push (09-07)

2020-09-07 11:55
Tencent Security Xuanwu Lab Daily News


• Kingsoft WPS Office Remote Heap Corruption Vulnerability - Security Research:
http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html

   ・ WPS Office heap corruption vulnerability – 靓仔


• GitHub - Nalen98/AngryGhidra: Angr plugin for Ghidra:
https://github.com/Nalen98/AngryGhidra

   ・ A Ghidra plugin that lets Ghidra call the Angr symbolic execution engine – Jett


• [Web] Prototype pollution - and bypassing client-side HTML sanitizers - research.securitum.com:
https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/

   ・ Bypassing common HTML XSS sanitizers by means of prototype pollution – Jett


• [Windows] Privilege escalation in Shell Create Object Task Server:
https://docs.google.com/document/d/e/2PACX-1vTP5OvJToWToMOKyeMyPcIPJhqbnESgWY6dYje9seJY96-ezCEJbXsMkfMWhoqPRaCNRs6BOO7urQyF/pub

   ・ Analysis and PoC of a local privilege escalation vulnerability in Shell Create Object Task Server – Jett


• Hunting for Goddi – Uncovering MITRE ATT&CK Discovery Tactics & Techniques:
https://awakesecurity.com/blog/hunting-for-goddi-uncovering-mitre-attck-discovery-tactics-techniques/

   ・ Hunting for Goddi: uncovering MITRE ATT&CK Discovery tactics and techniques. – lanying37


• [Conference] r2con2020:
http://radare.org/con/2020/youtube

   ・ Videos from the r2con2020 conference have been published on YouTube – Jett


• Red vs. Blue Team Exercises: Email Phishing Attacks:
https://security.tencent.com/index.php/blog/msg/165

   ・ Red vs. blue team exercises: email phishing attacks – Jett


• [Browser] elttam :: Independent Security Assessment Services:
https://www.elttam.com/blog/simple-bugs-with-complex-exploits/

   ・ Simple Bugs With Complex Exploits: details of the analysis and exploitation of V8 Issue 2046 – Jett


• [Windows] Pwning Windows Event Logging with YARA rules:
https://blog.dylan.codes/pwning-windows-event-logging/

   ・ Disabling Windows Event Logging by means of rule matching, to avoid detection by defenders – Jett


• An Introduction to ARM MTE:
https://proteas.github.io/ios/2020/09/04/mte-intro-zhCN.html

   ・ An introduction to the ARM Memory Tagging Extension protection mechanism – Jett


• WSUS Attacks Part 1: Introducing PyWSUS:
https://www.gosecure.net/blog/2020/09/03/wsus-attacks-part-1-introducing-pywsus/

   ・ WSUS Attacks Part 1: Introducing PyWSUS. – lanying37


• Source Code Analysis and API Keys Exploitations:
https://medium.com/bugbountywriteup/source-code-analysis-and-api-keys-exploitations-1796b3e731eb?source=rss----7b722bfd1b8d---4

   ・ Research on source code analysis and API key exploitation. – lanying37


• GitHub - mrphrazer/r2con2020_deobfuscation:
https://github.com/mrphrazer/r2con2020_deobfuscation

   ・ Slides and tools from the code deobfuscation workshop at R2Con 2020 – Jett


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: 腾讯玄武实验室 (Tencent Security Xuanwu Lab)
https://weibo.com/xuanwulab



Source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651956885&idx=1&sn=1432243db98cd10597581389647e6d54
