首页 >> 网络安全 >>网络周态 >> 每日安全动态推送(07-29)
详细内容

每日安全动态推送(07-29)

时间:2020-07-29     作者:腾讯玄武实验室【转载】   阅读

• [Windows] PROGRAM DESCRIPTION:
https://www.microsoft.com/en-us/msrc/bounty-windows-insider-preview?rtc=1

   ・ Windows Bug Bounty 计划的评判标准和奖金额度更新了 – Jett


• 'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests:
http://www.fireeye.com/blog/threat-research/2020/07/ghostwriter-influence-campaign.html

   ・ FireEye 发布的 'Ghostwriter' 行动分析报告 – Jett


• Authorization bypass in Google’s ticketing system (Google-GUTS):
https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system

   ・ Google Ticket 系统认证绕过漏洞分析 – Jett


• CVE-2020-13777 GnuTLS audit: be scared:
https://anarc.at/blog/2020-06-10-gnutls-audit/

   ・ 开源组件 GnuTLS CVE-2020-13777 漏洞的影响面分析 – Jett


• [Tools] sysdream/ligolo:
https://github.com/sysdream/ligolo

   ・ Ligolo - 为渗透测试专门设计的一款反向 Socks5/TCP 隧道传输工具 – Jett


• GitHub - zhutougg/Awesome-Intranet_pentest_tool:
https://github.com/zhutougg/Awesome-Intranet_pentest_tool

   ・ 内网渗透测试常用工具收集 – Jett


• [Windows] etw tracing handles in kernel:
https://redplait.blogspot.com/2020/07/etw-tracing-handles-in-kernel.html

   ・ 深入对内核中的etw跟踪句柄研究。 – lanying37


• MMS Exploit Part 3: Constructing the Memory Corruption Primitives:
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html

   ・ MMS Exploit Part 3: Constructing the Memory Corruption Primitives – Jett


• [Browser] YouTube:
https://www.youtube.com/playlist?list=PL9ioqAuyl6UIFAdsM5KU6P-hRJdh-BPmm

   ・ Chrome University 2018(视频) – Jett


• Exploiting Electron Applications using Debug Feature:
https://evren.ninja/en/post/exploiting-electron-applications-/

   ・ Exploiting Electron Applications using Debug Feature – Jett


• [Android] MOBISEC:
https://mobisec.reyammer.io

   ・ MOBISEC 站点将 Mobile Systems and Smartphone Security 课程的 PPT 都公开了 – Jett


• [Tools, IoT] Open and cheap DIY IP-KVM based on Raspberry Pi:
https://github.com/pikvm/pikvm

   ・ 基于Raspberry Pi的开源性廉价DIY IP-KVM系统。 – lanying37


• Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558):
https://bit.ly/2CYwc41

   ・ Kubernetes 网络组件 kube-proxy CVE-2020-8558 漏洞的分析 – Jett


• [CTF] Announcing Pwn2Own Tokyo 2020 – Live from Toronto!:
https://www.thezdi.com/blog/2020/7/28/announcing-pwn2own-tokyo-2020-live-from-toronto

   ・ Pwn2Own Tokyo 2020 比赛将于 11 月在线上举办 – Jett

技术支持: 建站ABC | 管理登录