(Repost) Weekly Security Knowledge Updates, 2020.7.27-8.2
Reposted from
Vulnerability discovery
• Coverage Guided Fuzzing in Go
https://alexplaskett.github.io/coverage-guided-fuzzing-golang/
Feedback-driven fuzzing for the Go language
• Fuzzing software: advanced tricks (Part 2)
https://securitylab.github.com/research/fuzzing-software-2
Fuzzing software: advanced tricks, part 2
Vulnerability exploitation
• Root Cause Analyses for 0-day In-the-Wild Exploits
https://googleprojectzero.blogspot.com/2020/07/root-cause-analyses-for-0-day-in-wild.html
Project Zero's analysis of 0-days exploited in the wild
• Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
A review of 0-days exploited in the wild in 2019
Browser vulnerabilities
• Speculation in JavaScriptCore
https://webkit.org/blog/10308/speculation-in-javascriptcore/
Introduction on the official JSC blog to how speculative optimization is implemented
• Issue 1072171: Security: missing the -0 case when intersecting and computing the Type::Range in NumberMax
https://bugs.chromium.org/p/chromium/issues/detail?id=1072171
V8 NumberMaxType vulnerability
CTF
• Heap Exploitation
https://heap-exploitation.dhavalkapil.com/
E-book on glibc heap exploitation
Application vulnerabilities
• Authorization bypass in Google’s ticketing system (Google-GUTS)
https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system
Bypassing Google's ticketing system
• Expert release a PoC exploit code for a recently addressed critical flaw in Microsoft SharePoint, .NET Framework, and Visual Studio
https://securityaffairs.co/wordpress/106281/hacking/cve-2020-1147-poc-sharepoint.html?utm_source=dlvr.it&utm_medium=twitter&utm_campaign=cve-2020-1147-poc-sharepoint
CVE-2020-1147 PoC released
• How I bypassed 2fa in a 3 years old private program!
https://shivangx01b.github.io/2fa_bypass/
Two-factor authentication bypass technique
• Discovering Buffer overflows in NodeJS core
https://medium.com/@social_62682/discovering-buffer-overflows-in-nodejs-core-b4af76c00bba
Buffer overflow vulnerabilities in NodeJS core
Operating system vulnerabilities
• STORSVC WRITEUP AND INTRODUCTION ABOUT MY ANALYSIS SCRIPT
https://whereisk0shl.top/post/storsvc_writeup_and_introduction_about_my_analysis_script
k0shl's kernel analysis script and analysis of a local privilege escalation vulnerability
• Setting Up An Android VM For Analyzing Mobile Applications
https://github.com/1d8/Android-Analysis
Setting up an Android app analysis environment
• Exploiting popular macOS apps with a single “.terminal” file.
https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa
Attacking macOS apps via a “.terminal” file
• Seeing (Sig)Red
https://sensepost.com/blog/2020/seeing-sigred/
How to detect the SigRed (CVE-2020-1350) vulnerability
• CVE-2020-1313
https://github.com/irsl/CVE-2020-1313
Windows Update Orchestrator Service local privilege escalation vulnerability
• Grubbing Secure Boot the Wrong Way: CVE-2020-10713
https://capsule8.com/blog/grubbing-secure-boot-the-wrong-way-cve-2020-10713/
Analysis of CVE-2020-10713, the "Grubbing Secure Boot" vulnerability