每日安全动态推送(08-06)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• 【安全通知】PyPI 官方仓库遭遇request恶意包投毒:
https://mp.weixin.qq.com/s/dkPdXfGfSK097GI6Ln92lA

   ・ PyPI 官方仓库遭遇request恶意包投毒 – Schwarrzz


• [iOS, Tools, Reverse Engineering] GitHub - 0x36/ghidra_kernelcache: a Ghidra framework for iOS kernelcache reverse engineering:
https://github.com/0x36/ghidra_kernelcache

   ・ iOS内核逆向框架ghidra_kernelcache – Schwarrzz


• [Network] Network-layer DDoS attack trends for Q2 2020:
https://cfl.re/3kl6RCL

   ・ 2020年第二季度DDOS攻击分析报告 – Schwarrzz


• [Web] Web Cache Entanglement: Novel Pathways to Poisoning:
https://portswigger.net/research/web-cache-entanglement

   ・ Web缓存纠缠,一种Web缓存中毒的新姿势 – Schwarrzz


• Congratulations to the MSRC’s 2020 Most Valuable Security Researchers:
https://msrc-blog.microsoft.com/2020/08/05/announcing-2020-msrc-most-valuable-security-researchers/

   ・ 微软 MSRC’s 2020 Most Valuable Security Researchers 榜单公布 – Jett


• [Tools] JSON Schema Store:
https://www.schemastore.org/json/

   ・ JSON模式存储:所有常见JSON文件格式的模式-  – Schwarrzz


• OpBlueRaven: Unveiling Fin7/Carbanak - Part 1 : Tirion:
https://threatintelligence.blog/OPBlueRaven-Part1/

   ・ OpBlueRaven:揭幕Fin7 APT小组的恶意软件威胁/ Carbanak-第1部分:Tirion。 – lanying37


• Pwn2Own -> Xxe2Rce | muffSec:
http://muffsec.com/blog/?p=608

   ・ Pwn2Own 中的 Xxe2Rce 漏洞详解 – Schwarrzz


• [Windows] Kerberoasting: A Blue Team Perspective:
https://link.medium.com/63WCnMoYF8

   ・ Kerberoasting: 以蓝队的安全防守角度来实施。 – lanying37


• [Tools] Anti-Debug Tricks:
https://anti-debug.checkpoint.com/

   ・ Checkpoint 对反调试(Anti-Debug)技术的总结 – Jett


• Vulnerabilities in the Openfire Admin Console:
https://swarm.ptsecurity.com/openfire-admin-console/

   ・ Openfire Admin Console 的两个漏洞:SSRF 和任意文件读 – 靓仔


• [Vulnerability] Steps to reproduce:
https://hackerone.com/reports/806571

   ・ gitlab.com 的存储型 XSS 漏洞 – 靓仔


• [Android] Exploiting Android Messengers with WebRTC: Part 2:
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-2.html?m=1

   ・ Exploiting Android Messengers with WebRTC: Part 2 – Jett


• [Tools] IDA Pro Reverse Engineering Tutorial for Beginners:
https://bit.ly/2Pp2LLr

   ・ IDA Pro逆向工程入门教程视频 – Schwarrzz


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: