Daily Security News Digest (08-05)

Date: 2020-08-05     Author: Tencent Xuanwu Lab [Reposted]

• [Tools] FUDGE: Fuzz Driver Generation at Scale:
https://research.google/pubs/pub48314/

   ・ FUDGE: Fuzz Driver Generation at Scale, automated large-scale generation of test driver code for fuzz targets – Jett


• Apache Struts research at scale, Part 3: Exploitation - Security Boulevard:
http://feedproxy.google.com/~r/SecurityBloggersNetwork/~3/F7l7TvlFO5U/

   ・ Large-scale security research on Apache Struts versions, Part 3: Exploitation. – lanying37


• CVE-2020-14644 Analysis and Some Thoughts on Gadgets:
https://paper.seebug.org/1281/

   ・ Analysis of Weblogic CVE-2020-14644 and some thoughts on gadgets – Jett


• Debugging DLL’s – 3 techniques to help you get started:
https://blog.nviso.eu/2020/08/04/debugging-dlls-3-techniques-to-help-you-get-started/

   ・ Several ways to debug DLL code – Jett


• AST Injection, Prototype Pollution to RCE:
https://blog.p6.is/AST-Injection/

   ・ Achieving RCE in two mainstream template engines via AST injection – Jett


• Masking Malicious Memory Artifacts – Part III: Bypassing Defensive Scanners - Security Boulevard:
http://feedproxy.google.com/~r/SecurityBloggersNetwork/~3/3937O87cO10/

   ・ Masking malicious memory, Part III: bypassing antivirus scanning – Schwarrzz


• A Pentesters Guide - Part 5 (Unmasking WAFs and Finding the Source):
https://delta.navisec.io/a-pentesters-guide-part-5-unmasking-wafs-and-finding-the-source/

   ・ A pentester's guide, Part 5 (unmasking WAFs and finding the source) – lanying37


• [CTF] Announcing the Seventh Annual Flare-On Challenge:
http://www.fireeye.com/blog/threat-research/2020/08/announcing-the-seventh-annual-flare-on-challenge.html

   ・ This year's Flare-On CTF will be held next month – Jett


• [Tools] EnumerationList:
https://github.com/Droidzzzio/EnumerationList

   ・ An open-source tool for enumerating subdomain wordlists, PHP file paths, HTML file paths and JS file paths – Schwarrzz


• [Web] Cookie Based PHP Local File Inclusion ( Bug Bounty):
https://link.medium.com/QxVy7k2GE8

   ・ Cookie-based PHP local file inclusion vulnerability – Schwarrzz


• MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle:
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html

   ・ MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle  – Jett


• [macOS] Objective-See's Blog:
https://objective-see.com/blog/blog_0x4D.html

   ・ CVE-2020–9854: "Unauthd" - (three) logic bugs ftw! – Jett


• [Tools] cobbr/Covenant:
https://github.com/cobbr/Covenant

   ・ A C&C penetration testing framework written in .NET – Jett


• [Android] Why are Frida and QBDI a Great Blend on Android?:
http://blog.quarkslab.com/why-are-frida-and-qbdi-a-great-blend-on-android.html

   ・ Dynamic analysis of Android native functions using Frida and QBDI – Jett
