每日安全动态推送(03-30)

  • A+
所属分类:安全新闻

玄武实验室实习生招聘已启动,具体岗位及简历投递方式请查看《腾讯安全玄武实验室 2021 实习生招募令 》。

欢迎各位同学投递!




Tencent Security Xuanwu Lab Daily News


• Changes to Git commit workflow:
https://news-web.php.net/php.internals/113838

   ・ PHP Git 源码库被提交后门代码,通过在请求中指定 User-Agent 可以直接 eval() 代码执行 – Jett


• [Web] SAML XML Injection:
https://research.nccgroup.com/2021/03/29/saml-xml-injection/

   ・ SAML XML Injection – Jett


• How the Web Audio API is used for browser fingerprinting:
https://fingerprintjs.com/blog/audio-fingerprinting/

   ・ 滥用 Audio API 实现浏览器指纹 – Jett


• Debugging System with DCI and Windbg:
http://standa-note.blogspot.com/2021/03/debugging-system-with-dci-and-windbg.html

   ・ 利用 DCI 与 Windbg 调试器调试 SMM 模式的代码 – Jett


• CVE-2021-25646: Getting Code Execution on Apache Druid:
https://www.thezdi.com/blog/2021/3/25/cve-2021-25646-getting-code-execution-on-apache-druid

   ・ Apache Druid CVE-2021-25646 代码执行漏洞分析 – Jett


• [Crypto] Cracking RSA — A Challenge Generator:
https://medium.com/asecuritysite-when-bob-met-alice/cracking-rsa-a-challenge-generator-2b64c4edb3e7

   ・ 挑战破解RSA加密算法。 – lanying37


• [翻译]深入 .NET ViewState 反序列化及其利用:
https://lovegood.github.io/2021/03/29/translation-deep-dive-into-net-viewstate-deserialization-and-its-exploitation/

   ・ [翻译]深入 .NET ViewState 反序列化及其利用。 – lanying37


• Cutter 2.0 Release:
https://cutter.re/cutter-2.0

   ・ 开源逆向框架 Cutter 发布 2.0 大版本 – Jett


• [PDF] https://arxiv.org/pdf/2103.02707.pdf:
https://arxiv.org/pdf/2103.02707.pdf

   ・ Exploitation and Sanitization of Hidden Data in PDF Files – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-30)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: