Daily Security News Push (03-11)

Category: Security News
Tencent Security Xuanwu Lab Daily News


• [Tools] 2132 - F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches - project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2132

   ・  Issue 2132: F5 Big IP - ASM stack-based buffer overflow in is_hdr_criteria_matches  – Jett


• The 2021 Hacker Report:
https://www.hackerone.com/resources/reporting/the-2021-hacker-report

   ・ HackerOne releases "The 2021 Hacker Report" – Jett


• EFB Tampering 1. Introduction and Class Differences:
https://www.pentestpartners.com/security-blog/efb-tampering-1-introduction-and-class-differences/

   ・ An introduction to security testing of airline EFB devices – lanying37


• [IoT] Router Analysis Part 1: UART Discovery and SPI Flash Extraction:
https://wrongbaud.github.io/posts/router-teardown/

   ・ Router debugging analysis, part 1: UART discovery and SPI flash extraction. – lanying37


• [CTF] McAfee ATR Capture the Flag:
https://github.com/advanced-threat-research/ATR_HAX_CTF

   ・ McAfee ATR Capture the Flag Writeup – Jett


• [Android] One day short of a full chain: Part 1 - Android Kernel arbitrary code execution:
https://securitylab.github.com/research/one_day_short_of_a_fullchain_android

   ・ Exploiting a vulnerability in the Qualcomm msm kernel driver to achieve Android kernel code execution – Jett


• 2126 - F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write - project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2126

   ・  Issue 2126: F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write  – Jett


• Fuzzing Java in OSS-Fuzz:
http://feedproxy.google.com/~r/GoogleOnlineSecurityBlog/~3/QDW5WSClApQ/fuzzing-java-in-oss-fuzz.html

   ・ OSS-Fuzz adds support for fuzzing Java, and also supports other JVM-based projects – Jett


• Pwn2Own Tokyo 2020: Defeating the TP-Link AC1750:
https://www.synacktiv.com/en/publications/pwn2own-tokyo-2020-defeating-the-tp-link-ac1750.html

   ・ Pwn2Own Tokyo 2020: successfully compromising the TP-Link AC1750 router – lanying37


• How to Perform Symbolic Execution of Mobile Apps with R2Frida & ESILSolve - NowSecure:
https://www.nowsecure.com/blog/2021/03/10/how-to-perform-symbolic-execution-of-mobile-apps-with-r2frida-esilsolve/

   ・ Using the R2Frida and ESILSolve tools to perform symbolic execution analysis of mobile apps – Jett


• [Tools] Profiling C++ code with Frida:
https://lief.quarkslab.com/blog/2021-03-10-profiling-cpp-code-with-frida/

   ・ Profiling C++ code with Frida – Jett


• [Windows] Reproducing the Microsoft Exchange Proxylogon Exploit Chain | Praetorian:
https://www.praetorian.com/blog/reproducing-proxylogon-exploit/

   ・ Setting up an environment and reproducing the Microsoft Exchange Proxylogon vulnerability through version diffing – Jett


• Creating a Red & Blue Team Homelab | hausec:
https://hausec.com/2021/03/04/creating-a-red-blue-team-home-lab/

   ・ Building your own penetration-testing Red & Blue Team homelab – Jett


• [Tools] oss-security - git: malicious repositories can execute remote code while cloning:
https://www.openwall.com/lists/oss-security/2021/03/09/3

   ・ git releases a version update fixing CVE-2021-21300, a code execution vulnerability in the git clone process – Jett


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


This article was first published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (03-11)
