[Windows] Solving Uninitialized Stack Memory on Windows:https://msrc-blog.microsoft.com/2020/05/13/solving-uninitialized-stack-memory-on-windows/
・ Microsoft's approach and methods for addressing vulnerabilities caused by uninitialized stack memory – Jett
Playing with GZIP: RCE in GLPI (CVE-2020-11060):https://offsec.almond.consulting/playing-with-gzip-rce-in-glpi.html
・ Playing with GZIP: RCE in GLPI (CVE-2020-11060) – Jett
[Tools, Malware] How a Security Anomaly was Accidentally Found in an EAL6+ JavaCard:http://blog.quarkslab.com/how-a-security-anomaly-was-accidentally-found-in-an-eal6-javacard.html
・ The OwnerPIN.check JavaCard API leaks the PIN length – Jett
[Tools] Analyzing Dark Crystal RAT, a C# backdoor:http://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html
・ Analysis of a new variant of Dark Crystal RAT – Schwarrzz
ARM pointer authentication:https://lwn.net/Articles/718888/
・ A security discussion of pointer authentication in the new ARM version. – lanying37
[Windows] TALOS-2020-1015 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence:https://talosintelligence.com/vulnerability_reports/TALOS-2020-1015
・ Microsoft Office Excel s_Schema Code Execution Vulnerability – Jett
[CTF] SharkyCTF - EZDump writeups / Linux Forensics introduction:https://www.synacktiv.com/posts/challenges/sharkyctf-ezdump-writeups-linux-forensics-introduction.html
・ SharkyCTF EZDump writeups – Jett
Microsoft Addresses 111 Bugs for May Patch Tuesday:https://threatpost.com/microsoft-111-bugs-may-patch-tuesday/155669/
・ Microsoft releases this month's vulnerability patch updates – Jett
[Windows] PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more) – Winsider Seminars & Solutions Inc.:https://windows-internals.com/printdemon-cve-2020-1048/
・ Analysis of the Windows Print Spooler service local privilege escalation vulnerability that Microsoft just patched (CVE-2020-1048) – Jett
Adobe Kills 16 Critical Flaws in Acrobat and Reader, Digital Negative SDK:https://threatpost.com/adobe-kills-16-critical-flaws-in-acrobat-and-reader-digital-negative-sdk/155652/
・ Adobe releases a patch bulletin fixing 16 high-risk vulnerabilities – Jett
[Browser] How Chromium Got its Mojo?:https://blogs.igalia.com/gyuyoung/2020/05/11/how-chromium-got-its-mojo/
・ How Chromium Got its Mojo – Jett
[macOS] Kernel Debugging macOS with SIP | Offensive Security:https://hubs.ly/H0qqGSz0
・ Kernel debugging and analysis on the macOS platform using LLDB. – lanying37
[Vulnerability] What is a Buffer Overflow and How Hackers Exploit these Flaws Part 1:https://cybsploit.com/2020/05/03/what-is-a-buffer-overflow-and-how-hackers-exploit-these-flaws-part-1-MUVNamJDTEp6cy85Z3dXd1VJeUludz09
・ What is a buffer overflow and how to exploit the vulnerability, tutorial series (Part 1) – lanying37
* To view or search past pushes, visit:
https://sec.today
* WeChat official account: Tencent Xuanwu Lab