每日安全动态推送(11-20)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• GitHub - hayasec/360SafeBrowsergetpass: 这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本,用于节省红队人员工作量,通过下载浏览器数据库、记录密钥来离线解密浏览器密码。:
https://github.com/hayasec/360SafeBrowsergetpass

   ・ 一键辅助抓取 360 安全浏览器密码的 CobaltStrike 脚本 – Jett


• 2098 - Facebook Messenger for Android: SdpUpdate message can cause audio call to connect before callee has answered the call - project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2098

   ・ Android 版本的 Facebook Messenger 被发现存在漏洞,攻击者可以发送恶意消息在接听者确认之前建立通话连接 – Jett


• RFID: New Proxmark3 Tear-Off Features and New Findings:
http://blog.quarkslab.com/rfid-new-proxmark3-tear-off-features-and-new-findings.html

   ・ RFID: New Proxmark3 Tear-Off Features and New Findings – Jett


• [Conference] Index of /materials/2020/:
https://cyberweek.ae/materials/2020/

   ・ HITBCyberWeek 2020 会议的议题 PPT 公开了 – Jett


• 响尾蛇APT组织利用“一带一路”话题针对相关参会人员发起网络攻击:
https://ti.dbappsecurity.com.cn/blog/index.php/2020/11/19/sidewinder-attack-with-the-belt-and-road/

   ・ 响尾蛇APT组织利用“一带一路”话题针对相关参会人员发起网络攻击 – Jett


• Proxying Android app traffic – Common issues / checklist:
https://blog.nviso.eu/2020/11/19/proxying-android-app-traffic-common-issues-checklist/

   ・ 利用 Burp Suite 劫持 Android App 的流量 – Jett


• Running code in the context of iOS Kernel: Part I + LPE POC on iOS 13.7 - ZecOps Blog:
https://blog.zecops.com/vulnerabilities/running-code-in-the-context-of-ios-kernel-part-i-lpe-poc-on-ios-13-7/

   ・ Running code in the context of iOS Kernel: Part I + LPE POC on iOS 13.7  – Jett


• Bluetooth Low Energy hardware-less HackMe:
https://github.com/smartlockpicking/BLE_HackMe

   ・ 蓝牙低功耗无硬件-HackMe 项目。 – lanying37


• InQL Scanner v3 - Just Released!:
https://blog.doyensec.com//2020/11/19/inql-scanner-v3.html

   ・ 基于 GraphQL 的安全测试工具 InQL Scanner 发布新版本 – Jett


• APT Malware Dataset:
https://github.com/cyber-research/APTMalware

   ・ 5个国家的APT恶意软件数据集。 – lanying37


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(11-20)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: