Tencent Security Xuanwu Lab Daily News
• [Tools] Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets:
https://www.usenix.org/conference/usenixsecurity20/presentation/ruge
・ 利用固件模拟的技术实现针对蓝牙模块的无线 Fuzz
– Jett
• [Network] [PDF] https://www.usenix.org/system/files/sec20-afek.pdf:
https://www.usenix.org/system/files/sec20-afek.pdf
・ NXNSAttack - 针对 DNS 系统的数据包放大攻击
– Jett
• The Impact of Ad-Blockers on Product Search and Purchase Behavior: A Lab Experiment:
https://www.usenix.org/conference/usenixsecurity20/presentation/frik
・ 广告过滤插件对用户搜索产品和购买行为的影响
– Jett
• North Korean Hacking Group Attacks Israeli Defense Industry:
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html?referringSource=articleShare
・ 朝鲜黑客组织袭击以色列国防工业
– Schwarrzz
• [Browser] Helping people spot the spoofs: a URL experiment:
https://blog.chromium.org/2020/08/helping-people-spot-spoofs-url.html?m=1
・ 将要发布的 Chome 86 版本将改进地址栏显示 URL 的方式,以防御地址栏欺骗
– Jett
• CVE-2019-7609:
https://github.com/kisec/CVE-2019-7609?fbclid=IwAR02m1XrcGDleYn8KzrjBRuIFNXzwJumhrYi2n7zSFeq9fvPk39FxPyAyWY
・ Kibana CVE-2019-7609 RCE Exploit 代码
– Jett
• [Android] GitHub - darvincisec/VirtualDynamicAnalysis: A basic android pentest environment to instrument apps without root or repackaging an app:
https://github.com/darvincisec/VirtualDynamicAnalysis
・ 无需 root 和重打包,将 App 安装到克隆 App 内实现动态分析
– Jett
• [PDF] https://i.blackhat.com/USA-20/Wednesday/us-20-Quintin-Detecting-Fake-4G-Base-Stations-In-Real-Time.pdf:
https://i.blackhat.com/USA-20/Wednesday/us-20-Quintin-Detecting-Fake-4G-Base-Stations-In-Real-Time.pdf
・ 实时检测 4G 伪基站
– Jett
• Cache poisoning of wget:
https://medium.com/bugbountywriteup/cache-poisoning-of-wget-94a4d70104b1?source=rss----7b722bfd1b8d---4
・ wget缓存中毒
– Schwarrzz
• [Crypto] [PDF] https://www.usenix.org/system/files/foci20-paper-bushart.pdf:
https://www.usenix.org/system/files/foci20-paper-bushart.pdf
・ Padding Ain’t Enough: Assessing the Privacy Guarantees of Encrypted DNS (Paper)
– Jett
• GHSL-2020-069: Unsafe deserialization of XMLRPC arguments in ApacheOfBiz - CVE-2020-9496:
https://github.co/31KaWrA
・ ApacheOfBiz XMLRPC 反序列化漏洞分析(CVE-2020-9496)
– Jett
• [Browser] Everything Old is New Again: Binary Security of WebAssembly:
https://www.usenix.org/conference/usenixsecurity20/presentation/lehmann
・ Everything Old is New Again: Binary Security of WebAssembly
– Jett
• [Browser, macOS] 946156 - Security: Chrome (Mac OS X) - Arbitrary File Permission Modification - chromium:
https://crbug.com/946156
・ macOS 版本的 Chrome 浏览器任意文件权限修改漏洞
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论