- A+
Tencent Security Xuanwu Lab Daily News
• VkFFT - Vulkan Fast Fourier Transform library:
https://github.com/DTolm/VkFFT
・ VkFFT-Vulkan快速傅立叶变换库
– Schwarrzz
• Linux 内核 AF_PACKET 原生套接字漏洞(CVE-2020-14386)分析:
https://paper.seebug.org/1348/
・ Linux系统内核 AF_PACKET 原生套接字漏洞(CVE-2020-14386)分析。
– lanying37
• (C) 2008 Nicolas Pouvesle [email protected] / Tenable Network Security:
https://github.com/tenable/mIDA
・ 用于从 IDL 接口文件中提取 RPC 接口定义的 IDA 插件
– Jett
• Undocumented Fastboot Oem Commands:
https://carlo.marag.no/posts/undocumented-fastboot-oem/
・ Android 10 及更新版本的 Fastboot OEM 命令枚举
– Jett
• [macOS, Malware] Waiting for the redirectiron...:
https://objective-see.com/blog/blog_0x4F.html
・ macOS 平台 FinSpy 恶意软件样本的分析
– Jett
• [Windows] Demystifying the “SVCHOST.EXE” Process and Its Command Line Options | by Nasreddine Bencherchali | Sep, 2020 | Medium:
https://medium.com/@nasbench/demystifying-the-svchost-exe-process-and-its-command-line-options-508e9114e747
・ svchost.exe 进程及其支持的命令行参数分析
– Jett
• [Tools, Windows] sbousseaden/EVTX-ATTACK-SAMPLES:
https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
・ Windows 系统各类攻击和渗透行为的 Events 样本收集
– Jett
• gcov与LLVM中的实现 | MaskRay:
https://maskray.me/blog/2020-09-27-gcov-and-llvm
・ LLVM 中代码插桩 gcov 的实现
– Jett
• GitHub - catenacyber/webfuzz:
https://github.com/catenacyber/webfuzz
・ webfuzz -针对 Web 应用的 Fuzz 工具
– Jett
• Privilege Escalation via Account Takeover on NodeBB Forum Software — Bug Bounty (512$) | by Muhammed Eren Uygun | InfoSec Write-ups | Sep, 2020 | Medium:
https://medium.com/bugbountywriteup/privilege-escalation-via-account-takeover-on-nodebb-forum-software-512-a593a7b1b4a4
・ NodeBB 论坛软件账户接管 Web 提权漏洞分析
– Jett
• Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver:
https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/
・ Windows 系统第三方 MSI Ambient Link 驱动漏洞的分析及利用
– Jett
• GitHub - kov4l3nko/MEDUZA: A more or less universal SSL unpinning tool for iOS:
https://github.com/kov4l3nko/MEDUZA
・ MEDUZA - 基于 Frida,针对越狱 iOS 系统编写的 SSL unpinning 工具
– Jett
• [Tools] 1-click meterpreter exploit chain with BeEF and AV/AMSI bypass:
https://medium.com/@bluedenkare/1-click-meterpreter-exploit-chain-with-beef-and-av-amsi-bypass-96b0eb61f1b6
・ 1-click meterpreter exploit chain with BeEF and AV/AMSI bypass
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab