Tencent Security Xuanwu Lab Daily News
• Vulnerabilities and Threats in Local Authorization on iOS Devices:
https://www.securing.pl/en/vulnerabilities-and-threats-in-local-authorization-on-ios-devices/
・ The threat attack surface of iOS apps that rely on local authentication
– Jett
• Windows Kernel: Null Pointer Dereference (Part 4):
https://tttang.com/archive/1400/
・ Windows Kernel: Null Pointer Dereference (Part 4).
– lanying37
• CVE-2020-9715: Exploiting the Adobe ESObject Use-After-Free Vulnerability:
https://www.pixiepointsecurity.com/blog/nday-cve-2020-9715.html
・ Analysis and exploitation of the Adobe Acrobat Reader ESObject UAF vulnerability (CVE-2020-9715)
– Jett
• Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest:
https://www.zerodayinitiative.com/blog/2022/1/12/pwn2own-vancouver-2022-luanch#auto
・ The targets and rules for the upcoming Pwn2Own Vancouver 2022 contest have been announced
– Jett
• Project Torogoz Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware:
https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/
・ Citizen Lab's research report on Pegasus: “Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware”
– Jett
• [PDF] https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf:
https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf
・ FIRMWIRE: an emulation platform for baseband processor firmware, used for dynamic analysis of firmware (Paper)
– Jett
• IOCTL 0xCF532013:
https://github.com/kasif-dekel/OSR_DeviceTree_Vuln/blob/main/README.md
・ A researcher reported a local privilege escalation vulnerability in OSR DeviceTree, and OSR removed the tool from its website outright
– Jett
• [Malware, macOS] SysJoker, the first (macOS) malware of 2022!:
https://objective-see.com/blog/blog_0x6C.html
・ Security researchers published a report on “SysJoker”, the first new (macOS) malware of 2022.
– lanying37
• [Windows] Signed kernel drivers – Unguarded gateway to Windows’ core:
https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/
・ ESET's case-study report on malware developers abusing vulnerabilities in validly signed drivers to load malicious drivers
– Jett
• Handling Malicious Microsoft Office Files During Incident Response:
https://www.intezer.com/blog/malware-analysis/analyze-malicious-microsoft-office-files/
・ Analysis of malicious Office files
– Jett
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab
Originally published on the WeChat official account Tencent Xuanwu Lab (腾讯玄武实验室): Daily Security News Push (01-13)