每日安全动态推送(09-18)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• 路由以及对应的处理类:
https://blog.knownsec.com

   ・ 路由以及对应的处理类。 – lanying37


• [Browser] Inspecting Just-in-Time Compiled JavaScript:
https://blog.mozilla.org/attack-and-defense/2020/09/15/inspecting-just-in-time-compiled-javascript/

   ・ Firefox JS 新加了一个特性,支持反编译查看 JS 引擎 JIT 生成的代码块 – Jett


• [macOS] 0x0- Opening:
https://blog.zecops.com/vulnerabilities/from-a-comment-to-a-cve-content-filter-strikes-again/

   ・ From a comment to a CVE,XNU Content filter 组件 OOB 漏洞分析 – Jett


• CVE-2020-14364 QEMU逃逸 漏洞分析 (含完整EXP):
https://mp.weixin.qq.com/s/MQyczZXRfOsIQewNf7cfXw

   ・ QEMU USB 模块的数组越界漏洞分析 – Jett


• [IoT] No buffers harmed: Rooting Sierra Wireless AirLink devices through logic bugs:
https://labs.ioactive.com/2020/09/no-buffers-harmed-rooting-sierra.html?spref=tw

   ・ Hacking Sierra AirLink RV50 无关网关设备 – Jett


• [Fuzzing, Tools] Fuzzing binaries with LLVM's libFuzzer and rev.ng - rev.ng:
https://rev.ng/blog/fuzzing/post.html

   ・ Fuzzing binaries with LLVM's libFuzzer and rev.ng – Jett


• [Tools] Wireshark 3.3.0 Released With New Features, Protocols:
https://gbhackers.com/wireshark-3-3-0-released/

   ・ Wireshark 3.3.0发布,具有协议和捕获文件支持新功能。 – lanying37


• [Attack] Intezer - Looking Back on the Last Decade of Linux APT Attacks:
https://hubs.li/H0wncCd0

   ・ 回顾Linux系统被APT攻击的过去十年探讨。 – lanying37


• Aruba Clearpass RCE (CVE-2020-7115):
https://dozer.nz/posts/aruba-clearpass-rce

   ・ Aruba Clearpass RCE (CVE-2020-7115) – Jett


• [Tools] PLSysSec/haybale:
https://github.com/PLSysSec/haybale

   ・ haybale - 一款 Rust 语言编写的 LLVM IR 级别的符号执行引擎  – Jett


• Clash of the (Spam)Titan:
https://sensepost.com/blog/2020/clash-of-the-spamtitan/

   ・ Clash of the (Spam)Titan - SpamTitan 垃圾邮件网关产品自身的 RCE 漏洞分析 – Jett


• [Web] Using CodeQL to Detect Client-side Vulnerabilities in Web Applications:
https://www.cyberdlab.com/insights/using-codeql-to-detect-client-side-vulnerabilities

   ・ 利用 CodeQL 检测 Web 应用 Client 的漏洞 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: