Vulnerabilities
Suspected VMware Tools sandbox escape 0-day PoC
https://github.com/SandboxEscaper/chasingpolarbears/tree/master/vmwarebug
CVE-2019-19604: Git submodule update command execution vulnerability
https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
CVE-2019-18935: Remote code execution via insecure deserialization in Telerik UI
https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
Security Research
Project Zero: Calling local Windows RPC servers from .NET
https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html
Red Team e-book collection
https://redteams.net/bookshelf
Botconf 2019: Static analysis of Android malware
https://maxkersten.nl/wp-content/uploads/2019/12/StaticAndroidMalwareAnalysisWorkshop-Botconf2019.pdf
CVE-2019-9812: Escaping the sandbox by exploiting a logic flaw in Firefox's Sync feature
https://www.thezdi.com/blog/2019/12/15/syncing-out-of-the-firefox-sandbox
HTTP request smuggling + IDOR
https://hipotermia.pw/bb/http-desync-idor
Research paper on the Windows 10 Low Fragmentation Heap (LFH)
https://github.com/peleghd/Windows-10-Exploitation/blob/master/Low_Fragmentation_Heap_(LFH)_Exploitation_-_Windows_10_Userspace_by_Saar_Amar.pdf
Security Tools
PEExplorerV2: Open-source static analysis tool for PE files
https://github.com/zodiacon/PEExplorerV2