Daily Security News Push (01-14)

Penetration Techniques 3 years ago (2022) admin
Tencent Security Xuanwu Lab Daily News


• Electron Research:
https://github.com/msrkp/electron-research

   ・ The impact of Prototype Pollution XSS vulnerabilities in Electron – Jett


• Patch diffing CVE-2022–21907:
https://piffd0s.medium.com/patch-diffing-cve-2022-21907-b739f4108eee

   ・ Patch analysis of the HTTP protocol stack RCE vulnerability CVE-2022–21907 – Jett


• [Windows] 2228 – Windows: EFSRPC Arbitrary File Upload EoP – project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2228

   ・ Analysis of the arbitrary file upload local privilege escalation vulnerability in the Windows EFSRPC service (CVE-2021-43893) – Jett


• [Attack] The BlueNoroff cryptocurrency hunt is still on:
https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488/

   ・ The APT group BlueNoroff's recent focus is cryptocurrency – Jett


• trailofbits/manticore:
https://github.com/trailofbits/manticore

   ・ Manticore – a symbolic execution tool open-sourced by trailofbits, used to analyze smart contracts and binaries – Jett


• Audit of the MimbleWimble Integration Inside Litecoin:
http://blog.quarkslab.com/audit-of-the-mimblewimble-integration-inside-litecoin.html

   ・ Security research on the MimbleWimble protocol implementation in the Litecoin blockchain – Jett


• Fake dnSpy – When Hackers Also Have No Martial Ethics:
http://paper.seebug.org/1812/

   ・ Fake dnSpy – When Hackers Also Have No Martial Ethics. – lanying37


• Writeups for two SCTF web challenges and thoughts on challenge design:
https://tttang.com/archive/1393/

   ・ Writeups for two SCTF web challenges and thoughts on challenge design. – lanying37


• CVE-2021-42342 Goahead environment variable injection vulnerability analysis:
https://bestwing.me/CVE-2021-42342-Goahead.html

   ・ CVE-2021-42342 Goahead environment variable injection vulnerability analysis – Jett


• [Windows] Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969):
https://medium.com/@frycos/searching-for-deserialization-protection-bypasses-in-microsoft-exchange-cve-2022-21969-bfa38f63a62d

   ・ Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969)  – Jett


• North Korean APTs Stole ~$400M in Crypto in 2021:
https://threatpost.com/north-korea-apts-stole-400m-cryptocurrency/177638/

   ・ According to reports, the North Korean APT group Lazarus stole a total of USD 400 million in cryptocurrency in 2021 – Jett


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: 腾讯玄武实验室 (Tencent Xuanwu Lab)
https://weibo.com/xuanwulab


Originally published on the WeChat official account 腾讯玄武实验室 (Tencent Xuanwu Lab): Daily Security News Push (01-14)

Copyright notice: posted by admin on January 14, 2022 at 4:50 AM.
When reposting, please credit: Daily Security News Push (01-14) | CTF导航
