每日安全动态推送(09-08)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• CVE-2019-2215 Android Binder Use-after-free on Samsung S9:
https://duasynt.com/blog/cve-2019-2215-android-binder-uaf-s9

   ・ CVE-2019-2215 Android Binder Use-after-free on Samsung S9 – Jett


• [Windows] Beyond good ol’ Run key, Part 127 + TestHooks bonus:
https://www.hexacorn.com/blog/2020/09/06/beyond-good-ol-run-key-part-127-testhooks-bonus/

   ・ 通过对Windows Update引用注册表项发掘测试。 – lanying37


• [Tools] TREVORspray:
https://github.com/blacklanternsecurity/TREVORspray

   ・ TREVORspray - 微软 Office 365 密码爆破工具 – Jett


• ARM64 Reversing and Exploitation Part 3 - A Simple ROP Chain:
http://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/

   ・ ARM64逆向开发系列-第3部分-简单的ROP链。 – lanying37


• [Linux] The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects:
https://arxiv.org/abs/2009.01694

   ・ 从公开的渠道收集信息,挖掘可能存在的开源项目的漏洞 – Jett


• Securing AEM With Dispatcher:
https://labs.f-secure.com/blog/securing-aem-with-dispatcher

   ・ Adobe AEM CMS 产品的多个漏洞的分析 – Jett


• Resources:
https://github.com/thewhiteninja/yarasploit

   ・ YaraSploit - 为 Metasploit Shellcodes 生成的 Yara Rules – Jett


• WhatsApp Discloses 6 Bugs That Allows Attackers to Execute Code:
https://gbhackers.com/whatsapp-vulnerability-2/

   ・ WhatsApp 修复了 6 个漏洞 – Jett


• [Browser] Google CTF 2020 teleport Chromium sandbox escape:
https://trungnguyen1909.github.io/blog/post/GGCTF20/

   ・ Google CTF 2020 teleport Chromium sandbox escape – Jett


• [Linux] Ghidra for Linux on Arm:
https://assets.checkra.in/labo/ghidra/

   ・ 支持在 ARM 平台 Linux 系统运行的 Ghidra – Jett


• [Fuzzing, Windows] [Fuzzing with WinAFL] Fuzzing a simple C program using WinAFL on windows:
https://hardik05.wordpress.com/2020/09/06/fuzzing-with-winafl-fuzzing-a-simple-c-program-using-winafl-on-windows/

   ・ [使用WinAFL进行模糊测试]在Windows上使用WinAFL进行简单的C语言程序模糊测试。 – lanying37


• [Vulnerability] TryHackMe. Exploiting EternalBlue Vulnerability.:
https://medium.com/bugbountywriteup/tryhackme-exploiting-eternalblue-vulnerability-24fed2799540?source=rss----7b722bfd1b8d---4

   ・ TryHackMe。利用EternalBlue漏洞演练研究。 – lanying37


• [Browser] 1086890 - Security: Missing array size check in NewFixedArray - chromium:
https://crbug.com/1086890

   ・ Issue 1086890: Security: Missing array size check in NewFixedArray  – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: