每日安全动态推送(10-13)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• [Browser] browser_pwn/jsc_pwn/cve-2020-9802 at master · ray-cp/browser_pwn · GitHub:
https://github.com/ray-cp/browser_pwn/tree/master/jsc_pwn/cve-2020-9802

   ・ JSC JS 引擎 CVE-2020-9802 漏洞的 Exploit 代码 – Jett


• [Tools] Hexrays Toolbox:
https://github.com/patois/HexraysToolbox

   ・ 在 IDA Hexrays AST 级别搜索代码特征的工具 – Jett


• [Browser] [JSC] Assert Operation and HostFunction are in JITOperationsList · WebKit/[email protected]:
https://github.com/WebKit/webkit/commit/2ffeeff4dfb86a74ae695dea8671fccc423559ad

   ・ WebKit 引入 JIT-Caging 特性实现细粒度的 PAC 保护机制 – Jett


• [Browser] Guest Blog Post: Rollback Attack:
https://blog.mozilla.org/attack-and-defense/2020/10/12/guest-blog-post-rollback-attack/

   ・ Windows 版本 Firefox 浏览器 Mozilla Maintenance 服务 SYSTEM 本地提权漏洞的分析 – Jett


• [Windows] A Deep Dive Into RUNDLL32.EXE. Understanding “rundll32.exe” command… | by Nasreddine Bencherchali | Oct, 2020 | Medium:
https://medium.com/@nasbench/a-deep-dive-into-rundll32-exe-642344b41e90

   ・ Windows rundll32.exe 进程的深入分析 – Jett


• _xeroxz / Voyager:
https://githacks.org/xerox/voyager

   ・ Voyager - 为 Windows 10 x64 Hyper-v 框架提供模块注入以及 vmexit hook 功能的工具 – Jett


• Graphology of an Exploit - Hunting for exploits by looking for the author's fingerprints - Check Point Research:
https://research.checkpoint.com/2020/graphology-of-an-exploit-volodya/

   ・ 漏洞利用图谱方法–通过查找作者编写的恶意软件指纹来寻找漏洞利用。 – lanying37


• MSRC-Security-Research/Security analysis of CHERI ISA.pdf at master · microsoft/MSRC-Security-Research · GitHub:
https://github.com/microsoft/MSRC-Security-Research/blob/master/papers/2020/Security%20analysis%20of%20CHERI%20ISA.pdf

   ・ 微软 MSRC 对 CHERI ISA 内存保护机制的介绍 – Jett


• View of Dismantling DST80-based Immobiliser Systems:
https://tches.iacr.org/index.php/TCHES/article/view/8546/8111

   ・ 拆解基于DST80的车机防盗系统 – LuYa


• We Hacked Apple for 3 Months: Here’s What We Found:
https://samcurry.net/hacking-apple/

   ・ We Hacked Apple for 3 Months: Here’s What We Found – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(10-13)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: