每日安全动态推送(04-13)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News

• Reverse engineering (Absolute) UEFI modules for beginners: 
https://standa-note.blogspot.com/2021/04/reverse-engineering-absolute-uefi.html

   ・ 逆向工程基于UEFI的BIOS模块分析。 – lanying37


• 内核漏洞攻防: 
https://www.yuque.com/posec/public/sp9bs1

   ・ 关于内核漏洞的原理分析。 – potato


• [Firmware] Hard Disk Firmware Hacking (Part 1) - MalwareTech: 
https://www.malwaretech.com/2015/04/hard-disk-firmware-hacking-part-1.html

   ・ 硬盘固件渗透测试(第1部分)-MalwareTech – lanying37


• You Talking To Me?: 
https://starlabs.sg/blog/2021/04/you-talking-to-me/

   ・ Chrome 和Firefox 等浏览器的 WebDriver REST APIs RCE 分析。 – potato


• Process Herpaderping: 
https://movaxbx.ru/2021/04/11/process-herpaderping/

   ・ Process Herpaderping:通过在映像映射后修改磁盘上的内容来掩盖进程意图的方法。 –potato


• CVE-2021-29627: 
https://github.com/raymontag/cve-2021-29627

   ・ CVE-2021-29627:由于 FreeBSD 的 accept_filter 处理程序错误而留下一个空指针,可能被利用于内核提权。 – potato


• Introduction: 
https://github.com/assetnote/blind-ssrf-chains

   ・ SSRF 漏洞可能的攻击方式列表。 – potato


• Why Your macOS EDR Solution Shouldn’t Be Running Under Rosetta 2: 
https://www.sentinelone.com/blog/why-your-macos-edr-solution-shouldnt-be-running-under-rosetta-2/

   ・ 介绍为什么 macOS EDR(Endpoint Detection and Response)不应该运行在 Rosetta 2 下。– potato


• ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3: 
https://leethax0.rs/2021/04/ElectricChrome/

   ・ 在 Tesla Model 3 上利用 CVE-2020-6418。 – potato


• Github Actions for Application Security: 
https://blog.projectdiscovery.io/github-actions-for-application-security/

   ・ PD Actions:使用 GitHub Actions 实现自动化的安全工作流程。 – potato


* 查看或搜索历史推送内容请访问: 
https://sec.today

* 新浪微博账号:腾讯玄武实验室 
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-13)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: