360-CERT每日安全简报
Daily Security Briefing
2021-01-13 星期三
安全研究 Security Research
CVE-2020-9971: XPC Service 特权提升漏洞分析
https://xlab.tencent.com/en/2021/01/11/cve-2020-9971-abusing-xpc-service-to-elevate-privilege/
我如何窃取数以百万计的Google帐户数据
https://blog.usejournal.com/how-i-stole-the-data-in-millions-of-peoples-google-accounts-aa1b72dcc075
攻击OAuth:Redirect_URI
https://gupta-bless.medium.com/exploiting-oauth-redirect-uri-3e27de6d7a70
利用Beacon Object File通过线程劫持进行远程进程注入
https://connormcgarr.github.io/thread-hijacking/
Real World CTF 2020 Game2048 Writeup
https://r3kapig.com/writeup/20210111-rwctf-game2048/
Hyper-V 调试方式探索
https://hvinternals.blogspot.com/2021/01/hyper-v-debugging-for-beginners-2nd.html
恶意软件 Malware
BORG :一个快速进化的僵尸网络
https://security.tencent.com/index.php/blog/msg/175
Sunburst后门分析
https://securelist.com/sunburst-backdoor-kazuar/99981/
EMOTET:通过电子邮件传播方式对其溯源
https://github.com/cecio/EMOTET-2020-Reversing
安全事件 Security Incident
新西兰储备银行的数据被黑客窃取
https://www.bleepingcomputer.com/news/security/new-zealand-reserve-bank-suffers-data-breach-via-hacked-storage-partner/
联合泄漏了超过10万个环境署工作人员记录
https://www.bleepingcomputer.com/news/security/united-nations-data-breach-exposed-over-100k-unep-staff-records/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn