每日安全动态推送(08-18)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• VMProtect? Nope.:
https://github.com/can1357/NoVmp

   ・ 将VMProtect虚拟化为优化的VTIL并编译回x64项目 – Schwarrzz


• Screenshots:
https://github.com/Jewel591/xssmap

   ・ XSSMAP-一款快速检测Web应用程序中的XSS漏洞的开源工具  – Schwarrzz


• [Windows] Understanding & Preventing LDAP Injection | SecureCoding:
https://www.securecoding.com/understanding-and-preventing-ldap-injection/

   ・ 了解与防止LDAP恶意注入安全研究。  – lanying37


• [Malware] [PDF] https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf:
https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf

   ・ 新型MacOS恶意软件完整分析报告 – Schwarrzz


• [Tools] PowerShell Commands for Incident Response - Securityinbits:
https://www.securityinbits.com/incident-response/powershell-commands-for-incident-response/

   ・ PowerShell事件响应命令总结 – lanying37


• GitHub - hslatman/awesome-malware-analysis: A curated list of awesome malware analysis tools and resources:
https://github.com/hslatman/awesome-malware-analysis

   ・ 一些恶意软件分析会用到的工具和资源集合 – Schwarrzz


• PoC Exploit Targeting Apache Struts Surfaces on GitHub:
https://threatpost.com/poc-exploit-github-apache-struts/158393/

   ・ GitHub 出现 Apache Struts 2 漏洞 PoC – Jett


• Resources:
https://github.com/maubot/gitlab

   ・ 适用于maubot的GitLab客户端和Webhook接收器。  – Schwarrzz


• WebSphere CVE-2020-4450 反序列化远程代码执行漏洞深度分析:
http://blog.topsec.com.cn/websphere-cve-2020-4450-%e5%8f%8d%e5%ba%8f%e5%88%97%e5%8c%96%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c%e6%bc%8f%e6%b4%9e%e6%b7%b1%e5%ba%a6%e5%88%86%e6%9e%90/

   ・ WebSphere CVE-2020-4450 反序列化远程代码执行漏洞深度分析  – Jett


• IoT Security: 7 Essential Must-Knows:
http://feedproxy.google.com/~r/PaloAltoNetworks/~3/mYGYBtcOIBw/

   ・ 物联网安全:学习7个必不可少的安全知识体系。 – lanying37


• Weblogic漏洞利用猫池挖矿事件分析 - FreeBuf网络安全行业门户:
https://www.freebuf.com/articles/terminal/246830.html

   ・ Weblogic漏洞利用猫池挖矿事件分析. – lanying37


• [Windows] SassyKitdi: Kernel Mode TCP Sockets + LSASS Dump:
https://zerosum0x0.blogspot.com/2020/08/sassykitdi-kernel-mode-tcp-sockets.html

   ・ SassyKitdi:内核模式TCP套接字+ LSASS转储。 – lanying37


• [CTF] 文件分享:
https://share.weiyun.com/5HjUBNL

   ・ TCTF / 0CTF js相关题目Writeup分享 – Schwarrzz


• Using Echidna to test a smart contract library:
https://blog.trailofbits.com/2020/08/17/using-echidna-to-test-a-smart-contract-library/

   ・ 利用 Echidna Fuzzer 测试智能合约库 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: