Tencent Xuanwu Lab Security Daily News
-
[ iOS ] iOS Pentesting Tools Part 4: Binary Analysis and Debugging: https://www.allysonomalley.com/2019/01/06/ios-pentesting-tools-part-4-binary-analysis-and-debugging/
-
[ Linux ] Disclosure of an information leak vulnerability in the mincore function of Linux Kernel mm/mincore.c (CVE-2019-5489): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5489
-
[ Pentest ] Advanced exploitation of XSS combined with OAuth to achieve persistent access to a target: https://github.com/dxa4481/XSSOauthPersistence
-
[ Popular Software ] The State Of Software Security In 2019: the author's review of how software security developed in 2018 and expectations for the coming year: https://noncombatant.org/2019/01/06/state-of-security-2019/
-
[ SecurityAdvisory ] Android Security Bulletin for January 2019 released: https://source.android.com/security/bulletin/2019-01-01
-
[ SecurityProduct ] Bypassing the PaloAlto Traps EDR endpoint protection: https://www.c0d3xpl0it.com/2019/01/bypassing-paloalto-traps-edr-solution.html
-
[ Tools ] A collection of technical material on Kubernetes security research: https://carnal0wnage.attackresearch.com/2019/01/kubernetes-master-post.html
-
[ Vulnerability ] Unauthenticated XSS vulnerability in SME Server that can lead to remote code execution with a privileged account (CVE-2018-18072): https://blogs.securiteam.com/index.php/archives/3769
-
[ WirelessSecurity ] Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane(PDF): https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf
-
[ Browser ] Exploit for the Chrome Appcache UaF vulnerability (CVE-2018-17462) made public: https://twitter.com/NedWilliamson/status/1082126611380461568 https://bugs.chromium.org/p/chromium/issues/detail?id=888926
-
[ Exploit ] 35C3 CTF's Modern Windows Userspace Exploitation: https://github.com/saaramar/35C3_Modern_Windows_Userspace_Exploitation
-
[ Pentest ] Exploiting an LFI (local file inclusion) vulnerability by way of SMTP logs: https://www.hackingarticles.in/smtp-log-poisioning-through-lfi-to-remote-code-exceution/
-
[ Tools ] Using mkcert to add HTTPS certificates for localhost: https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
-
[ Windows ] [Part 1] From patch diff to EXP: analysis and exploitation of the CVE-2018-8453 vulnerability: https://mp.weixin.qq.com/s/ogKCo-Jp8vc7otXyu6fTig