360-CERT每日安全简报
Daily Security Briefing
2020-10-25 星期天
漏洞 Vulnerability
Apache Solr 未授权上传(RCE)漏洞(CVE-2020-13957)的原理分析与验证
https://www.freebuf.com/articles/network/252193.html
Citrix Gateway插件中的多个提权漏洞分析
https://cymptom.com/gateway2hell-multiple-privilege-escalation-vulnerabilities-in-citrix-gateway-plug-in/2020/10/
Issue 1105723: Skia 堆溢出漏洞
https://bugs.chromium.org/p/chromium/issues/detail?id=1105723
恶意软件 Malware
蔓灵花APT组织利用恶意CHM文档针对国内研究机构的攻击活动分析
https://mp.weixin.qq.com/s/9O4nZV-LNHuBy2ihg2XeIw
T-RAT 2.0:通过智能手机控制恶意软件
https://www.gdatasoftware.com/blog/trat-control-via-smartphone
遗失的LNKR
https://www.perimeterx.com/tech-blog/2020/the-missing-lnkr/
安全工具 Security Tools
硬件黑客工具包
https://cybergibbons.com/hardware-hacking/sourcing-a-hardware-hacking-toolkit/
hack-browser-data:用于解密浏览器数据(密码|历史记录|Cookies|书签)的导出工具
https://github.com/moonD4rk/HackBrowserData
apk-medit:用于apk的内存搜索和补丁工具,无需root和ndk
https://github.com/aktsk/apk-medit
安全资讯 Security Information
精彩回顾 | GeekPwn 2020圆满落幕,全球顶尖白帽黑客上演攻防秀!
https://www.anquanke.com/post/id/220507
安全研究 Security Research
火狐浏览器漏洞研究
https://blog.exodusintel.com/2020/10/20/firefox-vulnerability-research/?utm_source=rss&utm_medium=rss&utm_campaign=firefox-vulnerability-research
Edge 漏洞研究
https://microsoftedge.github.io/edgevr/posts/Introducing-Edge-Vulnerability-Research/
v8的垃圾回收机制研究
http://www.jayconrod.com/posts/55/a-tour-of-v8-garbage-collection
如何攻击JavaScript引擎
http://phrack.org/papers/attacking_javascript_engines.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn