腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News) - 2019/01/20

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

[ Pentest ] 滥用无密码 sudo 执行 apt-get/apt/dpkg 提权 Linux 主机： https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/
[ SecurityProduct ] 10 种绕过杀毒软件的方式： https://blog.netspi.com/10-evil-user-tricks-for-bypassing-anti-virus/
[ Tools ] browser-pwn - 针对浏览器漏洞利用的资源合集： https://github.com/m1ghtym0/browser-pwn
[ Vulnerability ] Marvell Avastar Wi-Fi 远程代码执行漏洞挖掘详情披露： https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/

[ Vulnerability ] CVE-2018-8453：针对中东地区的Windows内核提权漏洞利用分析： https://ti.360.net/blog/articles/cve-2018-8453-win32k-elevation-of-privilege-vulnerability-targeting-the-middle-east/