每日安全动态推送(09-24)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• Fuzzing floating point code:
https://rigtorp.se/fuzzing-floating-point-code/

   ・ 如何用 libFuzzer Fuzz 涉及浮点数的代码 – Jett


• [Reverse Engineering] Guy's 30 Reverse Engineering Tips & Tricks:
https://blog.vastart.dev/2020/04/guys-30-reverse-engineering-tips-tricks.html?m=1

   ・ Guy's 30 Reverse Engineering Tips & Tricks – Jett


• 红蓝对抗中的近源渗透:
https://security.tencent.com/index.php/blog/msg/167

   ・ 红蓝对抗中的近源渗透 – lanying37


• [Web] Redefining Impossible: XSS without arbitrary JavaScript:
https://portswigger.net/research/redefining-impossible-xss-without-arbitrary-javascript

   ・ Redefining Impossible: XSS without arbitrary JavaScript  – Jett


• ZeroLogon(CVE-2020-1472) - Attacking & Defending:
https://blog.zsec.uk/zerologon-attacking-defending/

   ・ ZeroLogon(CVE-2020-1472) 漏洞的攻击与防御 – Jett


• GitHub - momosecurity/bombus: 合规审计平台:
https://github.com/momosecurity/bombus

   ・ bombus - 陌陌开源的合规审计平台 – Jett


• GitHub - samsonpianofingers/RTTIDumper: Internally injected C++ DLL that dumps VFTables with RTTI data, Still In Development:
https://github.com/samsonpianofingers/RTTIDumper

   ・ RTTIDumper - 注入目标进程 Dump 虚函数表的工具 – Jett


• Abusing Group Policy Caching – Decoder's Blog:
https://decoder.cloud/2020/09/23/abusing-group-policy-caching/

   ・ Windows Group Policy Caching 本地 SYSTEM 提权漏洞(CVE-2020-1317)的分析 – Jett


• Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server. *Insert 'Wow... that much?' joke here*:
https://www.theregister.com/2020/09/23/microsoft_leaks_over_65tb_bing/

   ・ 微软 BING 搜索因为公开的 ES 服务器导致泄露 6.5 TB 的数据 – Jett


• Shield - An app to protect against process injection on macOS:
https://theevilbit.github.io/shield/

   ・ Shield - 研究员 theevilbit 为 macOS 平台写了一个进程注入防护工具 – Jett


• Rapid7 Releases Q2 2020 Quarterly Threat Report:
https://blog.rapid7.com/2020/09/22/rapid7-releases-q2-2020-quarterly-threat-report/

   ・ Rapid7团队发布2020年第二季度季度威胁报告。 – lanying37


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: