Daily Security News Digest (08-16)

admin Tencent Xuanwu Lab 2019-08-16


Tencent Security Xuanwu Lab Daily News


• [Wireless] KNOB Attack: 
https://knobattack.com/

   ・ Researchers have disclosed an attack against the Bluetooth key negotiation process - Key Negotiation of Bluetooth (KNOB) – Jett


• [iOS, Tools] nowsecure/airspy: 
https://github.com/nowsecure/airspy

   ・ An open-source tool from NowSecure for dissecting the Apple AirDrop protocol on iOS/macOS, built on Frida – Jett


• [Android] Intercepting traffic from Android Flutter applications: 
https://blog.nviso.be/2019/08/13/intercepting-traffic-from-android-flutter-applications/

   ・ A practical walkthrough of intercepting traffic from Android Flutter applications – Jett


• [Tools] superhedgy/AttackSurfaceMapper: 
https://github.com/superhedgy/AttackSurfaceMapper

   ・ AttackSurfaceMapper - an open-source intelligence gathering tool – Jett


• [IoT] RouterOS Post Exploitation: 
https://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790

   ・ Exploitation research on the MikroTik RouterOS system, from the DEF CON 27 conference – Jett


• [Vulnerability] Adobe Acrobat Reader getUIPerms/ setUIPerms Unicode String Out-of-bound Read: 
https://paper.seebug.org/1016/

   ・ Analysis of the Adobe Acrobat Reader getUIPerms/ setUIPerms out-of-bounds read vulnerability – Jett


• [PDF] https://i.blackhat.com/USA-19/Wednesday/us-19-Hasarfaty-Behind-The-Scenes-Of-Intel-Security-And-Manageability-Engine.pdf: 
https://i.blackhat.com/USA-19/Wednesday/us-19-Hasarfaty-Behind-The-Scenes-Of-Intel-Security-And-Manageability-Engine.pdf

   ・ Research on the security of the Intel CSME subsystem, from BlackHat USA 2019 – Jett


• ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK): 
https://www.usenix.org/conference/usenixsecurity19/presentation/vahldiek-oberwagner

   ・ ERIM - a research paper from the USENIX conference on how to achieve in-process isolation and efficiently protect key information – Jett


• [Conference, Windows, Vulnerability] [PDF] https://i.blackhat.com/USA-19/Wednesday/us-19-Baril-He-Said-She-Said-Poisoned-RDP-Offense-And-Defense.pdf: 
https://i.blackhat.com/USA-19/Wednesday/us-19-Baril-He-Said-She-Said-Poisoned-RDP-Offense-And-Defense.pdf

   ・ Poisoned RDP - an RCE vulnerability in the Windows RDP protocol, distinct from BlueKeep, discovered by UK CERT – Jett


• [Fuzzing, Tools] RUB-SysSec/antifuzz: 
https://github.com/RUB-SysSec/antifuzz

   ・ Research from Ruhr University Bochum on how to counter automated vulnerability discovery by fuzzing in binary programs – Jett


* To view or search past digests, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
