11月8日每日安全热点 - 绕过GitHub的OAuth流程

时间 2019-11-08 09:44:25 安全客

原文 https://www.anquanke.com/post/id/190593

主题 GitHub OAuth

漏洞 Vulnerability

Cisco Webex Network Recording Player和Cisco Webex Player存在任意代码执行漏洞

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-webex-player

安全资讯 Security Information

卡巴斯基确定2017年影子经纪人泄漏中提到的神秘APT

https://www.zdnet.com/article/kaspersky-identifies-mysterious-apt-mentioned-in-2017-shadow-brokers-leak/

安全研究 Security Research

CVE-2019-12527：Squid缓冲区溢出漏洞利用分析

https://cert.360.cn/report/detail?id=0c5d2571c8910f242945f9532b6a404c

绕过GitHub的OAuth流程

https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html

VMWare ESXi and Workstation Uninitialized Variable RCE（CVE-2018-6981）漏洞分析

https://github.com/badd1e/Disclosures/tree/master/CVE-2018-6981_VMWare_ESXi

绕过AngularJS绑定HTML

https://portswigger.net/research/bypassing-angularjs-bind-html

内核利用实践：绕过KPTI和SMEP

https://github.com/pr0cf5/kernel-exploit-practice/tree/master/bypass-smep

Chakra漏洞调试笔记5-CVE-2019-0861复现

https://www.anquanke.com/post/id/190533#comment

SVG攻击面剖析

https://www.fortinet.com/blog/threat-research/scalable-vector-graphics-attack-surface-anatomy.html

通过RDP虚拟通道建立命令和控制会话

https://ijustwannared.team/2019/11/07/c2-over-rdp-virtual-channels/

攻击和破坏Docker容器和Kubernetes集群

https://speakerdeck.com/madhuakula/breaking-and-pwning-docker-containers-and-kubernetes-clusters-all-day-devops-2019

推荐文章

我来评几句

登录后评论

已发表评论数()

相关站点

安全客

＋订阅

热门文章