360-CERT每日安全简报
Daily Security Briefing
2019-12-31 星期二
漏洞 Vulnerability
Microsoft UPnP-本地权限提升Metasploit漏洞模块
https://www.exploit-db.com/exploits/47805?utm_source=dlvr.it&utm_medium=twitter
安全研究 Security Research
谈高效漏洞挖掘之Fuzzing的艺术
https://www.freebuf.com/vuls/221129.html
利用SIGROP漏洞滥用信号量
https://sec.alexflor.es/post/minipwn/
如何编写自己的自定义protobuf变异器
https://bshastry.github.io/2019/12/27/Custom-Proto-Mutation.html
36c3:长亭分享突破ESXi的会议录像
https://media.ccc.de/v/36c3-10505-the_great_escape_of_esxi
WIN32K.SYS中通过索引彩色面板进行的本地特权升级
https://www.zerodayinitiative.com/blog/2019/12/16/local-privilege-escalation-in-win32ksys-through-indexed-color-palettes
安全工具 Security Tools
crawlergo:0Kee Team 开源的用于收集 URL 入口的爬虫
https://github.com/0Kee-Team/crawlergo
PHP-Fuzzer - 基于代码覆盖反馈信息 Fuzz PHP libraries
https://github.com/nikic/PHP-Fuzzer
git-vuln-finder:从git commit消息中查找潜在的软件漏洞
https://github.com/cve-search/git-vuln-finder
windows、linux、osx的x86/x64 Opcode 计算器
https://github.com/horsicq/XOpcodeCalc
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn