11月8日每日安全热点 - 绕过GitHub的OAuth流程

漏洞  Vulnerability

Cisco Webex Network Recording Player和Cisco Webex Player存在任意代码执行漏洞

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-webex-player

安全资讯  Security Information

卡巴斯基确定2017年影子经纪人泄漏中提到的神秘APT

https://www.zdnet.com/article/kaspersky-identifies-mysterious-apt-mentioned-in-2017-shadow-brokers-leak/

安全研究  Security Research

CVE-2019-12527:Squid缓冲区溢出漏洞利用分析

https://cert.360.cn/report/detail?id=0c5d2571c8910f242945f9532b6a404c

绕过GitHub的OAuth流程

https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html

VMWare ESXi and Workstation Uninitialized Variable RCE(CVE-2018-6981)漏洞分析

https://github.com/badd1e/Disclosures/tree/master/CVE-2018-6981_VMWare_ESXi

绕过AngularJS绑定HTML

https://portswigger.net/research/bypassing-angularjs-bind-html

内核利用实践:绕过KPTI和SMEP

https://github.com/pr0cf5/kernel-exploit-practice/tree/master/bypass-smep

Chakra漏洞调试笔记5-CVE-2019-0861复现

https://www.anquanke.com/post/id/190533#comment

SVG攻击面剖析

https://www.fortinet.com/blog/threat-research/scalable-vector-graphics-attack-surface-anatomy.html

通过RDP虚拟通道建立命令和控制会话

https://ijustwannared.team/2019/11/07/c2-over-rdp-virtual-channels/

攻击和破坏Docker容器和Kubernetes集群

https://speakerdeck.com/madhuakula/breaking-and-pwning-docker-containers-and-kubernetes-clusters-all-day-devops-2019

我来评几句
登录后评论

已发表评论数()

相关站点

+订阅
热门文章