每日安全动态推送(12-22)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• Domestic IoT Nightmares: Smart Doorbells:
https://research.nccgroup.com/2020/12/18/domestic-iot-nightmares-smart-doorbells/

   ・ NCCGroup 对多款智能门铃 IoT 设备的安全分析报告 – Jett


• CVE-2020-7468: Turning Imprisonment to Advantage in the FreeBSD ftpd chroot Jail:
https://www.thezdi.com/blog/2020/12/21/cve-2020-7468-turning-imprisonment-to-advantage-in-the-freebsd-ftpd-chroot-jail

   ・ FreeBSD ftpd chroot 本地提权漏洞分析(CVE-2020-7468) – Jett


• [CTF] hxp CTF 2020 pfoten:
https://mem2019.github.io/jekyll/update/2020/12/21/hxp2020-pfoten.html

   ・ hxp CTF 2020 pfoten writeup – Jett


• Microsoft Exchange Remote Code Execution - CVE-2020-16875:
https://www.x41-dsec.de/security/advisory/exploit/research/2020/12/21/x41-microsoft-exchange-rce-dlp-bypass/

   ・ Microsoft Exchange Remote Code Execution - CVE-2020-16875 – Jett


• An iOS hacker tries Android:
https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html

   ・ Project Zero 研究员 Brandon Azad 从 iOS 角度看待 Android Kernel Exploit 的 Blog – Jett


• Sniff, there leaks my BitLocker key:
https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/

   ・ 通过嗅探 TPM SPI 接口的流量泄漏 BitLocker 全盘加密 Key – Jett


• Locating the kernel PGD on Android/aarch64:
https://duasynt.com/blog/android-pgd-page-tables

   ・ 在Android / aarch64平台上利用内核PGD安全分析。 – lanying37


• [Android] Exploitation · Android Kernel Exploitation:
https://cloudfuzz.github.io/android-kernel-exploitation/chapters/exploitation.html

   ・ Android Kernel Exploitation Workshop – Jett


• Reading and writing memory of other processes using fasttrap:
https://github.com/seemoo-lab/dtrace-memaccess_cve-2020-27949

   ・ Reading and writing memory of other processes using fasttrap  – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(12-22)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: