Tencent Security Xuanwu Lab Daily News
• Introduction to Whiteboxes and Collision-Based Attacks With QBDI:
http://blog.quarkslab.com/introduction-to-whiteboxes-and-collision-based-attacks-with-qbdi.html
・ QBDI 在白盒加密方向的应用 - Whiteboxes and Collision-Based Attacks With QBDI
– Jett
• [Tools, Pentest] GitHub - yogeshojha/rengine: A simple recon engine for penetration testing:
https://github.com/yogeshojha/rengine
・ 用于自动化收集渗透测试所需信息的平台
– Jett
• Breaking Samsung firmware, or turning your S8/S9/S10 in to a DIY “Proxmark”:
https://www.pentestpartners.com/security-blog/breaking-samsung-firmware-or-turning-your-s8-s9-s10-in-to-a-diy-proxmark/
・ 破解三星的固件,并将S8 / S9 / S10型号手机DIY成Proxmark开源的RFID安全研究工具。
– lanying37
• Samsung Qmage MMS Exploit (CVE-2020-8899):
https://github.com/googleprojectzero/SkCodecFuzzer/tree/master/mms_exploit
・ Samsung Qmage MMS Exploit (CVE-2020-8899)
– Jett
• 车联网安全系列——特斯拉 NFC 中继攻击(CVE-2020-15912):
https://www.anquanke.com/post/id/213885
・ 特斯拉 NFC 中继攻击(CVE-2020-15912)
– Jett
• [Fuzzing] On Measuring and Visualizing Fuzzer Performance:
https://hexgolems.com/2020/08/on-measuring-and-visualizing-fuzzer-performance/
・ Fuzzer 性能的评估以及评估过程的可视化
– Jett
• [Tools] avast/retdec-r2plugin:
https://github.com/avast/retdec-r2plugin
・ Radare2 插件,用于将 RetDec 反汇编工具集成进 Radare2
– Jett
• Cisco 7937G All-In-One Exploiter:
https://packetstormsecurity.com/files/158817
・ Cisco 7937G 设备 CVE-2020-16139/16138/16137 漏洞一键攻击代码
– Jett
• 以太坊安全之 EVM 与短地址攻击:
https://paper.seebug.org/1296/
・ 以太坊安全之 EVM与短地址攻击。
– lanying37
• GlueBall: The story of CVE-2020–1464:
https://link.medium.com/BK6kY8Ym08
・ 利用 Windows 加密实现的问题实现 EXE 证书验证欺骗(CVE-2020–1464)
– Jett
• [CTF, Android] Hacker101 CTF: Android Challenge Writeups:
https://buff.ly/3aui2o2
・ Hacker101 CTF Android 方向题目的 Writeup
– Jett
• [Windows] CVE-2020–14979: Local Privilege Escalation in EVGA PrecisionX1:
https://posts.specterops.io/cve-2020-14979-local-privilege-escalation-in-evga-precisionx1-cf63c6b95896
・ EVGA Precision X1 Windows 本地提权漏洞分析(CVE-2020–14979)
– Jett
• vBulletin Remote Code Execution (CVE-2020-7373):
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/
・ vBulletin Remote Code Execution (CVE-2020-7373)
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论