Daily Security News Push (1-11)

Tencent Security Xuanwu Lab Daily News

• Writing shellcodes for Windows x64:
https://nytrosecurity.wordpress.com/2019/06/30/writing-shellcodes-for-windows-x64/

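   ・ Explains how to develop shellcode on the Windows platform, including the differences between the x86 and x64 architectures and how assembly language is used on each. – SecTodayBot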


• Fault Injection Attacks against the ESP32-C3 and ESP32-C6:
https://courk.cc/esp32-c3-c6-fault-injection

   ・ Explores a TOCTOU approach against ESP32 chips, discloses new vulnerability information, and provides a PoC for the vulnerability. – SecTodayBot


• Leveraging Binary Ninja IL to Reverse a Custom ISA: Cracking the “Pot of Gold” 37C3:
https://www.synacktiv.com/publications/leveraging-binary-ninja-il-to-reverse-a-custom-isa-cracking-the-pot-of-gold-37c3

   ・ The process of using Binary Ninja Intermediate Language (IL) to reverse engineer the custom instruction set architecture (ISA) of the Pot of Gold challenge from the 37C3 CTF. – SecTodayBot


• Red Hat Security Advisory 2024-0089-03 ≈ Packet Storm:
https://packetstormsecurity.com/files/176415

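   ・ Discloses multiple serious vulnerabilities in Control-M Web version 9.0.20.200, including unauthenticated SQL injection, a weak hashing algorithm, weak password requirements, and cleartext storage of session tokens. – SecTodayBot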


• Microsoft Common Log File System Elevation of Privilege Vulnerability:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-20653

   ・ Microsoft Common Log File System Elevation of Privilege Vulnerability – SecTodayBot


• Stack Based Buffer Overflows on x86 (Windows) – Part I:
https://nytrosecurity.wordpress.com/2017/12/09/stack-based-buffer-overflows-on-x86-windows-part-i/

   ・ A detailed walkthrough of exploiting stack-based buffer overflow vulnerabilities on x86 (32-bit) Windows. – SecTodayBot


• Start Your Engines – Capturing the First Flag in Google’s New v8CTF:
https://www.madstacks.dev/posts/Start-Your-Engines-Capturing-the-First-Flag-in-Google's-New-v8CTF/

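   ・ Describes the author's experience capturing the first flag in Google's new v8CTF competition, including finding and exploiting a vulnerability in the v8 JavaScript engine. – SecTodayBot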


• GitHub – nickvourd/Windows-Local-Privilege-Escalation-Cookbook: Windows Local Privilege Escalation Cookbook:
https://github.com/nickvourd/Windows-Local-Privilege-Escalation-Cookbook

   ・ Provides detailed analysis and exploitation examples for Windows local privilege escalation. – SecTodayBot


• Colliding Secure Hashes | Blog:
https://www.da.vidbuchanan.co.uk/blog/colliding-secure-hashes.html

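   ・ Discusses the security of hash functions, in particular weakening hash functions through truncation; the content concerns a core aspect of cryptographic techniques. – SecTodayBot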


• Nysm – A Stealth Post-Exploitation Container:
http://dlvr.it/T18wZX

   ・ nysm is a new stealth post-exploitation container tool that works by hiding eBPF, PIDs, sockets and the like. – SecTodayBot


• From start to finish: How to hack OPC UA – OpalOPC:
https://opalopc.com/how-to-hack-opc-ua/

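   ・ How to attack the OPC UA protocol, covering new vulnerability disclosure, vulnerability analysis, exploitation tools, and the use of security scripts. – SecTodayBot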


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (1-11)

Copyright notice: posted by admin on January 11, 2024 at 2:57 PM.
When reposting, please credit: Daily Security News Push (1-11) | CTF导航
