每日安全动态推送(03-12)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• Exchang 攻击链 CVE-2021-26855&CVE-2021-27065 分析:
https://paper.seebug.org/1501/

   ・ Exchange 攻击链 CVE-2021-26855&CVE-2021-27065安全漏洞分析 – lanying37


• Regexploit: DoS-able Regular Expressions:
https://blog.doyensec.com//2021/03/11/regexploit.html

   ・ Regexploit: DoS-able Regular Expressions – Jett


• [Programming, Tools] Introduction to Windbg Series 1 Part 1 - THE Debugger:
https://www.youtube.com/watch?v=8zBpqc3HkSE&list=PLhx7-txsG6t6n_E2LgDGqgvJtCHPL7UFu

   ・ Windows Windbg 调试系列视频教程 – Jett


• The Battle Between White Box and Black Box Bug Hunting in Wireless Routers:
https://www.thezdi.com/blog/2021/3/11/the-battle-between-white-box-and-black-box-bug-hunting-in-wireless-routers

   ・ The Battle Between White Box and Black Box Bug Hunting in Wireless Routers – Jett


• [Tools] POC 2020 - CodeQL as an auditing oracle - GitHub Security Lab:
https://www.youtube.com/watch?v=XmAEgl8bVhg

   ・ POC 2020 会议关于利用 CodeQL 静态审计代码的议题(视频) – Jett


• VMware vCenter RCE 漏洞踩坑实录—一个简单的 RCE 漏洞到底能挖出什么知识:
https://paper.seebug.org/1500/

   ・ VMware vCenter RCE 漏洞踩坑实录 – Jett


• Scudo在Android11使用介绍:
https://zhuanlan.zhihu.com/p/353784014

   ・ 在Android11使用Scudo分配器介绍 – lanying37


• Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder? – Winsider Seminars & Solutions Inc.:
https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss

   ・ Windows 内核 CVE-2020-1034 漏洞利用的新思路 – Jett


• Playing in the (Windows) Sandbox - Check Point Research:
https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/

   ・ Playing in the (Windows) Sandbox – Jett


• SSD Advisory – GNU GRUB Command Injection - SSD Secure Disclosure:
https://ssd-disclosure.com/ssd-advisory-gnu-grub-command-injection/

   ・ 利用 GNU GRUB 漏洞实现特权命令执行 – Jett


• Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection:
http://feedproxy.google.com/~r/fortinet/blog/threat-research/~3/bJbDBnByj_4/netbounce-threat-actor-tries-bold-approach-to-evade-detection

   ・ Whitelist Me, Maybe? 有攻击者组织 “Netbounce” 给 Fortinet 发邮件请求将被 "误报"的软件加入白名单 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-12)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: