Tencent Security Xuanwu Lab Daily News****• Breaking The Browser - A tale of IPC, credentials and backdoors - MDSec:https://www.md…

每日安全动态推送 (01-13)-区块链315腾讯玄武实验室区块链作者,团队,专栏,公众号,头条· 2021年1月13日 11:57

Tencent Security Xuanwu Lab Daily News

**
**

• Breaking The Browser - A tale of IPC, credentials and backdoors - MDSec:
https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/

・ "Breaking The Browser – A tale of IPC, credentials and backdoors" – Jett

• Laravel <= v8.4.2 debug mode: Remote code execution:
https://www.ambionics.io/blog/laravel-debug-rce

・ "PHP 框架 Laravel v8.4.2 版本调试模式 RCE 漏洞分析 " – Jett

• Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes:
https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/

・ " 微软发布 1 月份漏洞补丁公告,本次修复 10 个高危漏洞 " – Jett

• Guest Blog Post: Leaking silhouettes of cross-origin images – Attack & Defense:
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/

・ "Firefox、Chrome 浏览器跨域窃取图片信息漏洞 (CVE-2020-16012) 分析 " – Jett

• Making Clouds Rain :: Remote Code Execution in Microsoft Office 365:
https://hideincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html

・ "Making Clouds Rain :: Remote Code Execution in Microsoft Office 365" – Jett

• Introducing the In-the-Wild Series:
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

・ "Project Zero 新 Blog,介绍他们 2020 年春发现的野外攻击代码,经分析从中发现多个 0Day,覆盖 Windows、Android、Chrome 浏览器 " – Jett

• ES6 入门教程 :
https://github.com/ruanyf/es6 tutorial

・ "ES6 标准入门教程资源。" – lanying37

• Bypassing Windows protection mechanisms & Playing with OffensiveNim:
https://s3cur3 th1 ssh1 t.github.io/Playing-with-OffensiveNim/

・ "Bypassing Windows protection mechanisms & Playing with OffensiveNim" – Jett

• [Web] Practical Web Cache Poisoning:
https://portswigger.net/research/practical-web-cache-poisoning

・ "Practical Web Cache Poisoning" – Jett

• CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security:
https://dl.acm.org/doi/proceedings/10.1145/3372297

・ "CCS'20 会议议题资料公开了 " – Jett

  • 查看或搜索历史推送内容请访问:
    https://sec.today

  • 新浪微博账号:腾讯玄武实验室
    https://weibo.com/xuanwulab

免责声明:作为区块链信息平台,本站所发布文章仅代表作者个人观点,与链闻 ChainNews 立场无关。文章内的信息、意见等均仅供参考,并非作为或被视为实际投资建议。