每日安全动态推送(03-12)

admin 2021年3月12日04:10:11安全新闻评论215 views2083字阅读6分56秒阅读模式
Tencent Security Xuanwu Lab Daily News


• Exchang 攻击链 CVE-2021-26855&CVE-2021-27065 分析:
https://paper.seebug.org/1501/

   ・ Exchange 攻击链 CVE-2021-26855&CVE-2021-27065安全漏洞分析 – lanying37


• Regexploit: DoS-able Regular Expressions:
https://blog.doyensec.com//2021/03/11/regexploit.html

   ・ Regexploit: DoS-able Regular Expressions – Jett


• [Programming, Tools] Introduction to Windbg Series 1 Part 1 - THE Debugger:
https://www.youtube.com/watch?v=8zBpqc3HkSE&list=PLhx7-txsG6t6n_E2LgDGqgvJtCHPL7UFu

   ・ Windows Windbg 调试系列视频教程 – Jett


• The Battle Between White Box and Black Box Bug Hunting in Wireless Routers:
https://www.thezdi.com/blog/2021/3/11/the-battle-between-white-box-and-black-box-bug-hunting-in-wireless-routers

   ・ The Battle Between White Box and Black Box Bug Hunting in Wireless Routers – Jett


• [Tools] POC 2020 - CodeQL as an auditing oracle - GitHub Security Lab:
https://www.youtube.com/watch?v=XmAEgl8bVhg

   ・ POC 2020 会议关于利用 CodeQL 静态审计代码的议题(视频) – Jett


• VMware vCenter RCE 漏洞踩坑实录—一个简单的 RCE 漏洞到底能挖出什么知识:
https://paper.seebug.org/1500/

   ・ VMware vCenter RCE 漏洞踩坑实录 – Jett


• Scudo在Android11使用介绍:
https://zhuanlan.zhihu.com/p/353784014

   ・ 在Android11使用Scudo分配器介绍 – lanying37


• Exploiting a “Simple” Vulnerability, Part 2 – What If We Made Exploitation Harder? – Winsider Seminars & Solutions Inc.:
https://windows-internals.com/exploiting-a-simple-vulnerability-part-2-what-if-we-made-exploitation-harder/?utm_source=rss

   ・ Windows 内核 CVE-2020-1034 漏洞利用的新思路 – Jett


• Playing in the (Windows) Sandbox - Check Point Research:
https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/

   ・ Playing in the (Windows) Sandbox – Jett


• SSD Advisory – GNU GRUB Command Injection - SSD Secure Disclosure:
https://ssd-disclosure.com/ssd-advisory-gnu-grub-command-injection/

   ・ 利用 GNU GRUB 漏洞实现特权命令执行 – Jett


• Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection:
http://feedproxy.google.com/~r/fortinet/blog/threat-research/~3/bJbDBnByj_4/netbounce-threat-actor-tries-bold-approach-to-evade-detection

   ・ Whitelist Me, Maybe? 有攻击者组织 “Netbounce” 给 Fortinet 发邮件请求将被 "误报"的软件加入白名单 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-12)

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年3月12日04:10:11
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  每日安全动态推送(03-12) http://cn-sec.com/archives/287918.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: