Daily Security News Push (03-15)

Tencent Security Xuanwu Lab Daily News


• Finding Issues In Regular Expression Logic Using Differential Fuzzing | by Evan Custodio | Mar, 2021 | Medium:
https://defparam.medium.com/finding-issues-in-regular-expression-logic-using-differential-fuzzing-30d78d4cb1d5

   ・ Using differential fuzzing to find vulnerabilities in regular expressions – Jett


• JumpServer remote command execution: points you may not know (exploit tool included):
https://mp.weixin.qq.com/s/lbcYzNsiOYZRwQzAIYxg3g

   ・ Points you may not know about remote command execution in JumpServer, the Chinese open-source bastion host – Jett


• [Windows] Extracting and Diffing Windows Patches in 2020 - wumb0in':
https://wumb0.in/extracting-and-diffing-ms-patches-in-2020.html

   ・ Extracting and diffing Windows patches in 2020 – Jett


• What can I do to prevent this in the future?:
https://versprite.com/blog/threat-intelligence/red-hat-linux-iscsi-subsystem-vulnerability/

   ・ Red Hat Linux iSCSI Subsystem Vulnerability Report – Jett


• [Tools] r3curs1v3-pr0xy/vajra:
https://github.com/r3curs1v3-pr0xy/vajra

   ・ Vajra - an automated information-gathering tool for web penetration testing – Jett


• Analysis of the Linux kernel AF_VSOCK socket race condition vulnerability (CVE-2021-26708):
https://mp.weixin.qq.com/s/WMFkPJOd29yOiGoC92QFJA

   ・ Analysis of the Linux kernel AF_VSOCK socket race condition vulnerability (CVE-2021-26708) – Jett


• Security Aspects:
http://x-stream.github.io/security.html

   ・ Multiple high-severity vulnerabilities found in XStream, the open-source Java serialization component – Jett


• [Side Channel, Hardware] A Spectre proof-of-concept for a Spectre-proof web:
https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html?m=1

   ・ Google's research progress on the Spectre CPU vulnerability: a faster JavaScript PoC that leaks browser memory – Jett


• [Linux] January/February updates · xairy/linux-kernel-exploitation@1dce3ec:
https://github.com/xairy/linux-kernel-exploitation/commit/1dce3eccf81e163220f154358b93b4e5d1e64653

   ・ The most complete collection of resources for learning Linux kernel development. – lanying37


• [Linux] Users could gain root privilege through three flaws sitting in Linux kernel:
https://www.scmagazine.com/home/security-news/vulnerabilities/three-flaws-that-sat-in-linux-kernel-since-2006-could-deliver-root-privileges-to-attackers/

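   ・ Researchers have found three significant security vulnerabilities that have been present in the Linux kernel since 2006; they threaten system privileges. – lanying37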


• Hacking IIS - NahamCon.pdf - Google Drive:
https://drive.google.com/file/d/1O0IARjqP4Pwa-ae1nAP8Nr9qb0ai2XPu/view

   ・ Hacking Windows HTTP Server - IIS – Jett


• BSidesSF CTF 2021 Author writeup / shellcode primer: Runme, Runme2, and Runme3:
https://blog.skullsecurity.org/2021/bsidessf-ctf-2021-author-writeup-shellcode-primer-runme-runme2-and-runme3

   ・ BSidesSF CTF 2021 Writeup – Jett


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


This article was first published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (03-15)
