360-CERT每日安全简报
Daily Security Briefing
2019-12-01 星期天
漏洞 Vulnerability
CVE-2018-8611:Windows 内核 KTM条件竞争漏洞分析——Slide
http://www.powerofcommunity.net/poc2019/Adams.pdf
CVE-2019-16759:vBulletin预认证远程代码执行漏洞分析
https://www.freebuf.com/vuls/218880.html
安全工具 Security Tools
在线汇编和反汇编网站,支持多种架构
https://disasm.pro/
tcp-ipv6 fuzz: 基于ebpf 实现的 syzkaller tcp-ipv6 fuzzer
https://github.com/hardenedlinux/harbian-qa/blob/master/syzkaller/kstat_demo/tcp-ipv6/test.md
DFIRTriage:针对Windows的事件应急响应数字取证工具
https://www.freebuf.com/articles/system/220240.html
安全资讯 Security Information
网军利用谷歌Chrome浏览器漏洞,针对朝鲜目标发起水坑攻击
https://mp.weixin.qq.com/s/mRf1zLg2Hit02Gc3v9i4Gw
安全研究 Security Research
通过一道pwn题详细分析retdlresolve技术
https://mp.weixin.qq.com/s/WHyZuu6p00CjZy-h-NdE4Q
渗透测试相关资料和工具整理
https://github.com/enaqx/awesome-pentest
ELF文件重定位项解析
http://stffrdhrn.github.io/hardware/embedded/openrisc/2019/11/29/relocs.html
在Linux中利用SUID程序提权
https://www.hackingarticles.in/linux-privilege-escalation-using-capabilities/
扩展IDA的处理器模块,并用于GDB调试
http://www.hexblog.com/?p=1371
恶意软件 Malware
恶意软件分析相关的资料和工具整理
https://malwareanalysis.co/
Legion Credential 后门分析——Youtube
https://www.youtube.com/watch?v=aj56VYpbhzQ&feature=youtu.be
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn