每日安全动态推送(01-11)

渗透技巧 3年前 (2022) admin
870 0 0
Tencent Security Xuanwu Lab Daily News


• Debug Native Messaging:
https://textslashplain.com/2022/01/08/debug-native-messaging/

   ・ 监控浏览器扩展与 NativeMessaging Host 之间的 Native 消息 – Jett


• [Tools] SQL Injection in WordPress core (CVE-2022–21661):
https://medium.com/@ngocnb.915/sql-injection-in-wordpress-core-zdi-can-15541-a451c492897

   ・ WordPress core (CVE-2022–21661) SQL 注入漏洞的分析(越南语) – Jett


• 昆仑实验室:
https://www.cyberkl.com/cvelist/cvedetail/38

   ・ 昆仑实验室对 XNU Mach Port CVE-2021-30909 漏洞的分析 – Jett


• [Windows] Kernel Karnage – Part 8 (Getting Around DSE):
https://blog.nviso.eu/2022/01/10/kernel-karnage-part-8-getting-around-dse/

   ・ Kernel Karnage – Part 8 (Getting Around DSE) – Jett


• Process Herpaderping:
https://github.com/jxy-s/herpaderping

   ・ Process Herpaderping – 通过替换进程的磁盘镜像绕过杀软检测 – Jett


• [iOS] 昆仑实验室:
https://www.cyberkl.com/cvelist/cvedetail/33

   ・ 昆仑实验室 对 XNU turnstile UAF CVE-2021-30916 漏洞的分析 – Jett


• 我们是如何发现PBX设备的固件后门的(译文):
https://tttang.com/archive/1398/

   ・ 我们是如何发现PBX设备的固件后门的(译文). – lanying37


• VoLTE/VoWiFi research with $0 of equipment: set up a phone network over Wi-Fi calling:
https://worthdoingbadly.com/vowifi2/

   ・ 基于 Wi-Fi 搭建一个 VoLTE/VoWiFi 环境 – Jett


• r/ReverseEngineering – Breaking Zynq’s secure boot (the tedious way):
https://www.reddit.com/r/ReverseEngineering/comments/rzovs8/breaking_zynqs_secure_boot_the_tedious_way/

   ・ Zynq的漏洞分析 第三部分: (CVE-2021-27208). – lanying37


• [Pentest] Domain Escalation – sAMAccountName Spoofing:
https://pentestlab.blog/2022/01/10/domain-escalation-samaccountname-spoofing/

   ・ Domain Escalation – sAMAccountName Spoofing – Jett


• NCC Group’s 2021 Annual Research Report:
https://research.nccgroup.com/2022/01/10/2021-annual-research-report/

   ・ NCC Group 发布的 2021 年度研究报告,报告的研究角度主要是 2021 年全年的会议、技术博客、工具链 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(01-11)

版权声明:admin 发表于 2022年1月11日 上午4:23。
转载请注明:每日安全动态推送(01-11) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...