Daily Security News - 2020.3.30

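Disclaimer: All content in this article is for study and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, it must not be disseminated or used for malicious purposes. By viewing this article you are deemed to have agreed to the above terms; otherwise you bear the responsibility yourself.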

1、Scanning JS Files for Endpoint and Secrets
2、SauronEye is a search tool built to aid red teams in finding files containing specific keywords.
3、CVE-2020-8816 – Pi-hole Remote Code Execution (CVE-2020-8816)
4、McAfee Config Decryptor
5、Mark-of-the-Web from a red team’s perspective
6、Learn XPC exploitation - Part 1: Broken cryptography
7、Chrome Extension Analysis
8、D-Link DSL-2640B multiple vulnerabilities (CVE-2020-9275…9279)
9、iOS exploit chain deploys LightSpy feature-rich malware
10、How are we doing with Android’s overlay attacks in 2020?
11、Exploring the minimist prototype pollution security vulnerability
12、Tunnelling TCP connections into iOS on QEMU
13、Getting root on a Zyxel VMG8825-T50 router
14、Lexus Vehicle Security Research Summary Report
15、Runtime Mobile Security (RMS) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime
16、Take Down MacOS Bluetooth with Zero-click RCE
17、padding-oracle-attacker: CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.
18、CVE-2020-0729: Remote Code Execution Through .LNK Files
19、SecWiki Weekly (2020/03/23-2020/03/29)
20、Analysis of the Shiro Authorization Bypass Vulnerability (CVE-2020-2957)
21、Bypass All The GPOs
22、Linux Hacking Case Studies Part 5: Building a Vulnerable Linux Server
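23、Summary of Secure SSL Development on IoT
24、Threat intelligence alerts show a sample to be unusually active; tracing reveals an internet cafe in Hunan hit by a cryptomining trojan
25、Liferay Portal JSON Web Service Deserialization Vulnerability (CVE-2020-7961)
26、Analysis Report on In-the-Wild 0-day Vulnerabilities in DrayTek Vigor Enterprise Routers and Switches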