腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Browser ] Chromium Mojo DataPipeConsumerDispatcher 和 DataPipeProducerDispatcher 反序列化缺少必要的验证(CVE- 2018-16068): https://bugs.chromium.org/p/chromium/issues/detail?id=877182
-
[ Exploit ] Glibc 堆利用基础,深入解析 ptmalloc2 : https://blog.k3170makan.com/2018/12/glibc-heap-exploitation-basics.html
-
[ Exploit ] Cisco RV110W - 密码泄露与命令执行漏洞 EXP(CVE-2014-0683, CVE-2015-6396): https://www.exploit-db.com/exploits/45986
-
[ Linux ] Linux Kernel 的 Binder 机制的详细介绍 : https://www.synacktiv.com/posts/systems/binder-transactions-in-the-bowels-of-the-linux-kernel.html
-
[ MalwareAnalysis ] McAfee 对以全球关键基础设施为目标的新攻击活动 - Operation Sharpshooter 的全面分析: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/
-
[ Others ] 介绍 Visual Studio 2019 预览版对 .NET 的改进: https://blogs.msdn.microsoft.com/dotnet/2018/12/13/visual-studio-2019-net-productivity/
-
[ Virtualization ] 编写可以运行汇编程序的虚拟机教程: https://justinmeiners.github.io/lc3-vm/
-
[ Vulnerability ] Kallithea <= 0.3.4 错误访问控制以及 XSS 漏洞披露: https://security.szurek.pl/kallithea-0-3-4-incorrect-access-control-and-xss.html