每日安全动态推送(02-14)

Tencent Security Xuanwu Lab Daily News

• [PDF] https://arxiv.org/ftp/arxiv/papers/2201/2201.04853.pdf:
https://arxiv.org/ftp/arxiv/papers/2201/2201.04853.pdf

   ・ FuzzingDriver – 为 Coverage-based Greybox Fuzzers 生成字典 Token 的工具 – Jett

• flashback_connects (Cisco RV340 SSL VPN Unauthenticated Remote Code Execution as root):
https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Austin_2021/flashback_connects/flashback_connects.md

   ・ Cisco RV340 SSL VPN Unauth root RCE 漏洞分析 – Jett

• How I made $31500 by submitting a bug to Facebook:
https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204

   ・ How I made $31500 by submitting a bug to Facebook – Jett

• [Fuzzing, Tools] [PDF] https://arxiv.org/pdf/2202.03643.pdf:
https://arxiv.org/pdf/2202.03643.pdf

   ・ SNPSFuzzer – 基于快照实现高性能网络协议灰盒 Fuzz 的工具 – Jett

• [Web] Facebook-BugBounty-Writeups:
https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups

   ・ Meta(Facebook) BugBounty-Writeups – Jett

• The Derby of Static Software Testing: Joern vs CodeQl:
https://elmanto.github.io/posts/sast_derby_joern_vs_codeql

   ・ 静态代码分析工具 Joern 与 CodeQl 的比较 – Jett

• Overview of GLIBC heap exploitation techniques:
https://0x434b.dev/overview-of-glibc-heap-exploitation-techniques/

   ・ GLIBC 2.34 堆漏洞利用技术的攻与防 – Jett

• [Fuzzing] Structure-aware Go fuzzing: How to fuzz with complex types:
https://adalogics.com/blog/structure-aware-go-fuzzing-complex-types

   ・ go-fuzz-headers – 为 Go Fuzzer 提供对复杂数据类型 Fuzz 的工具 – Jett

• Securing Network Management Systems (Part 2): Moxa MXview:
https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/

   ・ MXview 网络管理系统被发现 unauth RCE – Jett

• [Tools] OzLockCon 2017 – Bluetooth that bites — BTLE Unlocking – Huajiang ‘Kevin2600’ Chen:
https://www.youtube.com/watch?v=jJ1QCFa4kDw

   ・ OzLockCon 2017会议视频 – Bluetooth that bites — BTLE Unlocking – Huajiang ‘Kevin2600’ Chen. – lanying37

• [Malware] Debugging JavaScript:
https://flaviocopes.com/debugging/

   ・ JavaScript 调试技巧总结.  – lanying37

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(02-14)