每日安全动态推送(01-15)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• macOS Post-Exploitation Shenanigans with VSCode Extensions - MDSec:
https://www.mdsec.co.uk/2021/01/macos-post-exploitation-shenanigans-with-vscode-extensions/

   ・ 利用 VSCode 扩展实现 macOS Post-Exploitation 阶段的代码执行 – Jett


• Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs | ZDNet:
https://www.zdnet.com/article/apple-removes-feature-that-allowed-its-apps-to-bypass-macos-firewalls-and-vpns/

   ・ 前段时间爆出 Apple 在新版本 macOS 网络防火墙中为自家 App 开绿灯的问题已被解决 – Jett


• Hunting for Bugs in Windows Mini-Filter Drivers:
https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html

   ・ Hunting for Bugs in Windows Mini-Filter Drivers – Jett


• Looking Back at the Zero Day Initiative in 2020:
https://www.thezdi.com/blog/2021/1/14/looking-back-at-the-zero-day-initiative-in-2020

   ・ ZDI 对最近一年漏洞收录情况的回顾 – Jett


• Building:
https://github.com/jsherman212/xnuspy

   ・ XNU 内核 Hook 框架,基于 checkra1n pongoOS – Jett


• ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing:
https://github.com/profuzzbench/profuzzbench

   ・ ProFuzzBench-网络状态协议模糊测试的基准实验项目。 – lanying37


• Thoughts dereferenced from the scratchpad noise. | What is IOMMU and how it can be used?:
https://blog.3mdeb.com/2021/2021-01-13-iommu/

   ・ What is IOMMU and how it can be used? – Jett


• #943231 SOCK_RAW sockets reachable from Webkit process allows triggering double free in IP6_EXTHDR_CHECK:
https://hackerone.com/reports/943231

   ・ PlayStation 4 WebKit IP6_EXTHDR_CHECK Double Free 漏洞 – Jett


• [PDF] https://www.usenix.org/system/files/sec20-lehmann.pdf:
https://www.usenix.org/system/files/sec20-lehmann.pdf

   ・ Everything Old is New Again: Binary Security of WebAssembly – Jett


• google/nsjail:
https://github.com/google/nsjail

   ・ nsjail - Google 开源的一个 Linux 平台进程隔离工具 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(01-15)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: