每日安全动态推送(10-16)

Tencent Security Xuanwu Lab Daily News

• Secure Elements: The Bedrock of Hardware Wallet Security:
https://blog.keyst.one/secure-elements-the-bedrock-of-hardware-wallet-security-1dd8cbdef461?gi=78f9d779c72f

   ・ 硬件钱包安全的基本规则 – WireFish

• Finding a POP chain on a common Symfony bundle : part 2:
https://www.synacktiv.com/en/publications/finding-a-pop-chain-on-a-common-symfony-bundle-part-2

   ・ 在 Symfony 的通用 bundle 中构建 ROP 链 – WireFish

• GitHub – pstirparo/machofile: machofile is a module to parse Mach-O binary files:
https://github.com/pstirparo/machofile

   ・ Mach-O文件格式解析工具 – WireFish

• Ruijie Reyee Mesh Router – MITM Remote Code Execution (RCE):
http://dlvr.it/SxC707

   ・ Ruijie Reyee Mesh 路由器 MITM RCE – WireFish

• The evolution of Windows authentication:
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-evolution-of-windows-authentication/ba-p/3926848

   ・ 介绍 Windows 鉴权方式的变迁 – WireFish

• #HITB2023HKT D1T1 – Exploiting The Lexmark PostScript Stack – Aaron Adams:
https://www.youtube.com/watch?v=MPEX4TtZqEU

   ・ 攻击 Lexmark 激光打印机的 PostScript Stack – WireFish

• QBinDiff: A modular diffing toolkit:
http://blog.quarkslab.com/qbindiff-a-modular-diffing-toolkit.html

   ・ 新的二进制文件 diff 工具 – WireFish

• Let’s prototype a JavaScript JIT compiler!:
https://youtu.be/8mxubNQC5O8

   ・ 如何实现一个 JavaScript JIT 编译器 – WireFish

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(10-16)