每日安全动态推送(01-24)

Tencent Security Xuanwu Lab Daily News

• Non-administrative DCOM Execution: Exploring BloodHound’s ExecuteDCOM:
https://simondotsh.com/infosec/2021/12/29/dcom-without-admin.html

   ・ Non-administrative DCOM Execution: Exploring BloodHound’s ExecuteDCOM – Jett

• Cisco StarOS Flaw Let Attackers Gain Remote Code Execution on Vulnerable Device:
https://gbhackers.com/cisco-staros-flaw/

   ・ Cisco StarOS 被发现 RCE 漏洞 – Jett

• README.md:
https://github.com/RangerNJU/Static-Program-Analysis-Book

   ・ 静态程序分析入门教程 – Jett

• [Android] Snooping on Android 12’s Privacy Dashboard:
http://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/

   ・ Snooping on Android 12’s Privacy Dashboard. – lanying37

• Azure Active Directory:
https://github.com/rootsecdev/Azure-Red-Team

   ・ Azure 云环境安全测试相关的资料 – Jett

• Table Of Contents:
https://github.com/ly4k/Certipy

   ・ Certipy – Python implementation for Active Directory certificate abuse – Jett

• Fuzzercorn:
https://github.com/wtdcode/fuzzercorn

   ・ 为 Unicorn 模拟器引擎提供 libfuzzer 的支持 – Jett

• GitHub – rui314/mold: mold: A Modern Linker:
https://github.com/rui314/mold

   ・ mold – 一款主打性能的链接器，比 LLVM lld 快 – Jett

• Path Traversal Paradise:
https://kuldeep.io/posts/path-traversal-paradise/

   ・ VMWare VCenter、Spring Boot 等多个产品的路径穿越漏洞案例 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(01-24)