每日安全资讯-2020.3.26

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

1、I want to learn about exploitation! Where do I start?
2、Docker Desktop Local Privilege Escalation (CVE-2020-10665)
3、Symbolic Hooks Part 4: The App Container Traverse-ty
4、Pentesting Cisco SD-WAN Part 1: Attacking vManage(CVE-2019-16010, CVE-2019-16012)
5、Analysis Of Exploitation: CVE-2020-10189
6、a kernel bug POC in AppleJPEGDriverUserClient(CVE-2020-9768)
7、Grandstream UCM62xx SQL Injection(CVE-2020-5722)
8、Evasion Techniques Dissected: A Mirai Case Study
9、TamperETW:A proof of concept to demonstrate how CLR ETW events can be filtered/tampered
10、PoC for CVE-2020-0069 tested on a Xiaomi Redmi 6a (with a Mediatek SoC MT6762M)
11、Breaking through Windows’ defenses: Analyzing mLNK Builder
12、Criminals hack Tupperware website with credit card skimmer
13、Server-Side Template Injection in Netflix Conductor(CVE-2020-9296)
14、Linux Hacking Case Studies Part 3: phpMyAdmin
15、New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer

8AAFD13D93A74C5379B928CD0F19A2B6