Daily Security News Digest (03-26)


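Recruitment for Xuanwu Lab interns has begun. For the specific positions and how to submit a résumé, see "Tencent Security Xuanwu Lab 2021 Intern Recruitment Announcement".

All students are welcome to apply!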




Tencent Security Xuanwu Lab Daily News


• [Tools] Fuzzing Windows:
https://github.com/intel/kernel-fuzzer-for-xen-project/wiki/Fuzzing-Windows

   ・ Fuzz testing Windows kernel debugging. – lanying37


• [Web] EXPLOITING JSON WEB TOKEN [JWT]:
https://link.medium.com/exrwuRzTNeb

   ・ A discussion of JSON Web Token [JWT] security issues. – lanying37


• APT Encounters of the Third Kind:
https://igor-blue.github.io/2021/03/24/apt1.html

   ・ Uses a real-world case to show how to find leads on APT attacks from a traffic-analysis perspective – Jett


• Dockerizing the NetSPI Linux Labs:
https://blog.netspi.com/dockerizing-the-netspi-linux-labs/

   ・ NetSPI has consolidated its earlier Linux penetration-testing learning environments into a single Docker environment – Jett


• [Windows] CVE-2021-1732: win32kfull xxxCreateWindowEx callback out-of-bounds:
https://iamelli0t.github.io/2021/03/25/CVE-2021-1732.html

   ・ Analysis of the win32k out-of-bounds access vulnerability CVE-2021-1732 used by the BITTER APT group – Jett


• GHSL-2021-045: Integer Overflow in GLib - CVE-2021-27219:
https://securitylab.github.com/advisories/GHSL-2021-045-g_bytes_new/

   ・ Analysis of the GLib integer overflow vulnerability (CVE-2021-27219) – Jett


• Program Analysis Resources:
https://gist.github.com/MattPD/00573ee14bf85ccac6bed3c0678ddbef

   ・ A curated collection of Program Analysis resources – Jett


• Microsoft Exchange Vulnerability (CVE-2021-26855) In-the-Wild Scanning Analysis Report:
https://blog.netlab.360.com/microsoft-exchange-vulnerability-cve-2021-26855-scan-analysis/

   ・ Analysis report on in-the-wild scanning for the Microsoft Exchange vulnerability (CVE-2021-26855) – Jett


• Announcing the Android Ready SE Alliance:
http://feedproxy.google.com/~r/GoogleOnlineSecurityBlog/~3/NRJL23LmeKs/announcing-android-ready-se-alliance.html

   ・ Google is driving the creation of the Android Ready SE Alliance for the development of SE security chip standards – Jett


• GHSL-2021-049: Type confusion vulnerability in the varlink interface of systemd-resolved:
https://securitylab.github.com/advisories/GHSL-2021-049-systemd-resolved-varlink/

   ・ Analysis of a type confusion vulnerability in the systemd-resolved varlink interface – Jett


* To view or search past digest content, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


This article was first published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (03-26)
