11月8日每日安全热点 - 绕过GitHub的OAuth流程
漏洞 Vulnerability
Cisco Webex Network Recording Player和Cisco Webex Player存在任意代码执行漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-webex-player
安全资讯 Security Information
卡巴斯基确定2017年影子经纪人泄漏中提到的神秘APT
安全研究 Security Research
CVE-2019-12527:Squid缓冲区溢出漏洞利用分析
https://cert.360.cn/report/detail?id=0c5d2571c8910f242945f9532b6a404c
绕过GitHub的OAuth流程
https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
VMWare ESXi and Workstation Uninitialized Variable RCE(CVE-2018-6981)漏洞分析
https://github.com/badd1e/Disclosures/tree/master/CVE-2018-6981_VMWare_ESXi
绕过AngularJS绑定HTML
https://portswigger.net/research/bypassing-angularjs-bind-html
内核利用实践:绕过KPTI和SMEP
https://github.com/pr0cf5/kernel-exploit-practice/tree/master/bypass-smep
Chakra漏洞调试笔记5-CVE-2019-0861复现
https://www.anquanke.com/post/id/190533#comment
SVG攻击面剖析
https://www.fortinet.com/blog/threat-research/scalable-vector-graphics-attack-surface-anatomy.html
通过RDP虚拟通道建立命令和控制会话
https://ijustwannared.team/2019/11/07/c2-over-rdp-virtual-channels/
攻击和破坏Docker容器和Kubernetes集群
相关站点
我来评几句
登录后评论已发表评论数()