Tencent Security Xuanwu Lab Daily News
• CVE-2019-2215 Android Binder Use-after-free on Samsung S9:
https://duasynt.com/blog/cve-2019-2215-android-binder-uaf-s9
・ CVE-2019-2215 Android Binder Use-after-free on Samsung S9
– Jett
• [Windows] Beyond good ol’ Run key, Part 127 + TestHooks bonus:
https://www.hexacorn.com/blog/2020/09/06/beyond-good-ol-run-key-part-127-testhooks-bonus/
・ Exploring and testing the registry keys referenced by Windows Update.
– lanying37
• [Tools] TREVORspray:
https://github.com/blacklanternsecurity/TREVORspray
・ TREVORspray - a password brute-forcing tool for Microsoft Office 365
– Jett
• ARM64 Reversing and Exploitation Part 3 - A Simple ROP Chain:
http://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/
・ ARM64 reversing series, Part 3: a simple ROP chain.
– lanying37
• [Linux] The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects:
https://arxiv.org/abs/2009.01694
・ Collecting information from public channels to uncover potential vulnerabilities in open-source projects
– Jett
• Securing AEM With Dispatcher:
https://labs.f-secure.com/blog/securing-aem-with-dispatcher
・ Analysis of multiple vulnerabilities in the Adobe AEM CMS product
– Jett
• Resources:
https://github.com/thewhiteninja/yarasploit
・ YaraSploit - Yara rules generated for Metasploit shellcodes
– Jett
• WhatsApp Discloses 6 Bugs That Allows Attackers to Execute Code:
https://gbhackers.com/whatsapp-vulnerability-2/
・ WhatsApp fixed 6 vulnerabilities
– Jett
• [Browser] Google CTF 2020 teleport Chromium sandbox escape:
https://trungnguyen1909.github.io/blog/post/GGCTF20/
・ Google CTF 2020 teleport Chromium sandbox escape
– Jett
• [Linux] Ghidra for Linux on Arm:
https://assets.checkra.in/labo/ghidra/
・ A Ghidra build that runs on Linux on the ARM platform
– Jett
• [Fuzzing, Windows] [Fuzzing with WinAFL] Fuzzing a simple C program using WinAFL on windows:
https://hardik05.wordpress.com/2020/09/06/fuzzing-with-winafl-fuzzing-a-simple-c-program-using-winafl-on-windows/
・ [Fuzzing with WinAFL] Fuzzing a simple C program with WinAFL on Windows.
– lanying37
• [Vulnerability] TryHackMe. Exploiting EternalBlue Vulnerability.:
https://medium.com/bugbountywriteup/tryhackme-exploiting-eternalblue-vulnerability-24fed2799540?source=rss----7b722bfd1b8d---4
・ TryHackMe. A walkthrough study of exploiting the EternalBlue vulnerability.
– lanying37
• [Browser] 1086890 - Security: Missing array size check in NewFixedArray - chromium:
https://crbug.com/1086890
・ Issue 1086890: Security: Missing array size check in NewFixedArray
– Jett
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab