- A+
Tencent Security Xuanwu Lab Daily News
• Fuzzing floating point code:
https://rigtorp.se/fuzzing-floating-point-code/
・ 如何用 libFuzzer Fuzz 涉及浮点数的代码
– Jett
• [Reverse Engineering] Guy's 30 Reverse Engineering Tips & Tricks:
https://blog.vastart.dev/2020/04/guys-30-reverse-engineering-tips-tricks.html?m=1
・ Guy's 30 Reverse Engineering Tips & Tricks
– Jett
• 红蓝对抗中的近源渗透:
https://security.tencent.com/index.php/blog/msg/167
・ 红蓝对抗中的近源渗透
– lanying37
• [Web] Redefining Impossible: XSS without arbitrary JavaScript:
https://portswigger.net/research/redefining-impossible-xss-without-arbitrary-javascript
・ Redefining Impossible: XSS without arbitrary JavaScript
– Jett
• ZeroLogon(CVE-2020-1472) - Attacking & Defending:
https://blog.zsec.uk/zerologon-attacking-defending/
・ ZeroLogon(CVE-2020-1472) 漏洞的攻击与防御
– Jett
• GitHub - momosecurity/bombus: 合规审计平台:
https://github.com/momosecurity/bombus
・ bombus - 陌陌开源的合规审计平台
– Jett
• GitHub - samsonpianofingers/RTTIDumper: Internally injected C++ DLL that dumps VFTables with RTTI data, Still In Development:
https://github.com/samsonpianofingers/RTTIDumper
・ RTTIDumper - 注入目标进程 Dump 虚函数表的工具
– Jett
• Abusing Group Policy Caching – Decoder's Blog:
https://decoder.cloud/2020/09/23/abusing-group-policy-caching/
・ Windows Group Policy Caching 本地 SYSTEM 提权漏洞(CVE-2020-1317)的分析
– Jett
• Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server. *Insert 'Wow... that much?' joke here*:
https://www.theregister.com/2020/09/23/microsoft_leaks_over_65tb_bing/
・ 微软 BING 搜索因为公开的 ES 服务器导致泄露 6.5 TB 的数据
– Jett
• Shield - An app to protect against process injection on macOS:
https://theevilbit.github.io/shield/
・ Shield - 研究员 theevilbit 为 macOS 平台写了一个进程注入防护工具
– Jett
• Rapid7 Releases Q2 2020 Quarterly Threat Report:
https://blog.rapid7.com/2020/09/22/rapid7-releases-q2-2020-quarterly-threat-report/
・ Rapid7团队发布2020年第二季度季度威胁报告。
– lanying37
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
