记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

每日安全动态推送(09-16)

2020-09-16 12:53
Tencent Security Xuanwu Lab Daily News


• Persisting in svchost.exe with a Service DLL:
https://www.ired.team/offensive-security/persistence/persisting-in-svchost.exe-with-a-service-dll-servicemain

   ・ 使用服务DLL文件加载到系统进程svchost.exe中方法。 – lanying37


• GitHub - HenryHoggard/awesome-arm-exploitation: A collection of awesome videos, articles, books and resources about ARM exploitation.:
https://github.com/HenryHoggard/awesome-arm-exploitation

   ・ Awesome ARM Exploitation  – Jett


• [Web] How I hacked redbus [An online bus-ticketing application]:
https://medium.com/bugbountywriteup/how-i-hacked-redbus-an-online-bus-ticketing-application-24ef5bb083cd?source=rss----7b722bfd1b8d---4

   ・ How I hacked redbus – Jett


• [Tools] Creating patched binaries for pentesting purposes:
https://isc.sans.edu/diary/rss/26560

   ・ 创建修补二进制文件进行渗透测试.  – lanying37


• [Fuzzing, Tools] Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale:
https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/

   ・ 微软宣布开源 OneFuzz 框架,帮助开发者在开发测试过程中发现安全漏洞 – Jett


• CVE-2020-16171: Exploiting Acronis Cyber Backup for Fun and Emails:
https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/

   ・ Acronis Cyber Backup 组件 SSRF 漏洞的利用 – Jett


• IBM Spectrum Protect Plus Security Open to RCE:
https://threatpost.com/ibm-flaws-spectrum-protect-plus/159268/

   ・ IBM Spectrum Protect Plus 数据存储解决方案产品被发现 RCE 漏洞 – Jett


• Interesting Attack on the EMV Smartcard Payment Standard:
https://www.schneier.com/blog/archives/2020/09/interesting-attack-on-the-emv-smartcard-payment-standard.html

   ・ 针对EMV智能卡支付标准的有趣测试研究。 – lanying37


• [Mitigation, Windows] GitHub - yardenshafir/MitigationFlagsCliTool:
https://github.com/yardenshafir/MitigationFlagsCliTool

   ・ Windows 进程 Mitigation 策略枚举工具 – Jett


• GitHub - autoguard/awesome-vehicle-security-and-safety:


知识来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651956913&idx=1&sn=97a2012ccb2606dd473b266e6770fb3d

阅读:4946 | 评论:0 | 标签:安全

想收藏或者和大家分享这篇好文章→复制链接地址

“每日安全动态推送(09-16)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

ADS

标签云