Tencent Security Xuanwu Lab Daily News
• Secure File Paths in Python:
https://raisistance.com/secure-file-paths-in-python/
・ Sanitizing untrusted user input for file paths in Python, escaping file paths to prevent malicious attacks.
– SecTodayBot
• [Tools] README.md:
https://github.com/binsync/binsync
・ BinSync is a decompiler collaboration tool built on the Git version control system, enabling decompiler-agnostic, fine-grained collaborative reverse engineering.
– SecTodayBot
• [Tools] GitHub – 0xPugazh/fuzz4bounty: Awesome wordlists for Bug Bounty Hunting:
https://github.com/0xPugazh/fuzz4bounty
・ A collection of fuzzing wordlists covering many different applications.
– WireFish
• [Tools] A dive into the PE file format – LAB 1: Writing a PE Parser:
https://0xrick.github.io/win-internals/pe8/
・ An introduction to the PE file format.
– WireFish
• [Tools] Noseyparker – A Command-Line Program That Finds Secrets And Sensitive Information In Textual Data And Git History:
https://ift.tt/9yOt51C
・ A tool for searching text data and git history for sensitive data.
– WireFish
• mast1c0re: Hacking the PS4 / PS5 through the PS2 Emulator – Part 2 – Compiler Attack:
https://cturt.github.io/mast1c0re-2.html
・ Attacking the PS2 emulator in current PS4/PS5 consoles, escaping the emulated environment, and gaining arbitrary code execution on the PS4/PS5 by attacking the compilation process.
– WireFish
• GitLab v15.3 – Remote Code Execution (RCE) (Authenticated):
http://dlvr.it/SlqgWj
・ GitLab v15.3 authenticated remote code execution.
– WireFish
• Vim: help.txt:
https://vimhelp.org/
・ The Vim user manual.
– lanying37
• The Case For Improving Crypto Wallet Security:
https://blog.doyensec.com/2023/03/28/wallet-info.html
・ A security researcher offers several security hardening recommendations for current cryptocurrency wallets.
– WireFish
• parse-server: Analysis of the Prototype Pollution to RCE Vulnerability (CVE-2022-39396):
https://paper.seebug.org/2059/
・ Analysis of the parse-server prototype pollution to RCE vulnerability (CVE-2022-39396).
– WireFish
• Dissecting redis CVE-2023-28425 with chatGPT as assistant:
https://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html
・ Dissecting Redis CVE-2023-28425 with ChatGPT as an assistant.
– SecTodayBot
* To view or search past news items, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News (4-4)