Tencent Security Xuanwu Lab Daily News
• README.md:
https://github.com/mzlogin/awesome-adb
・ Awesome ADB(Android Debug Bridge)
– Jett
• 一道有趣的CTF赛题-unicode引发的WebAssembly与js交互问题:
https://tttang.com/archive/1434/
・ 一道有趣的CTF赛题-unicode引发的WebAssembly与js交互问题.
– lanying37
• Scaling Dumb Fuzzing with Kubernetes:
https://www.archcloudlabs.com/projects/dumb_fuzzing/
・ 在 Kubernetes 管理的容器中大规模 Fuzz radare2
– Jett
• Find You: Building a stealth AirTag clone:
https://positive.security/blog/find-you
・ Positive 团队将 AirTag 改造成跟踪器的研究
– Jett
• GitHub – midisec/BypassAnti-Virus: 免杀姿势学习、记录、复现。:
https://github.com/midisec/BypassAnti-Virus
・ BypassAnti-Virus: 免杀技术学习资料.
– lanying37
• [Fuzzing] loiclec/fuzzcheck-rs:
https://github.com/loiclec/fuzzcheck-rs
・ Fuzzcheck is a modular, structure-aware, and feedback-driven fuzzing engine for Rust functions.
– Jett
• [Linux] Linux kernel Use-After-Free (CVE-2021-23134) PoC.:
https://ruia-ruia.github.io/NFC-UAF/
・ Linux 内核 NFC 子系统的一个 UAF 漏洞
– Jett
• Meet Kraken: A New Golang Botnet in Development:
https://www.zerofox.com/blog/meet-kraken-a-new-golang-botnet-in-development/
・ Kraken – Zerofox 对一款 Go 语言写的 Botnet 的分析
– Jett
• [Vulnerability] Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql:
https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4
・ mysqljs/mysql 的 escape 实现导致的 SQL 注入
– Jett
• [Windows] Process Overwriting:
https://github.com/hasherezade/process_overwriting
・ Process Overwriting – 在进程中注入 PE 文件
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(02-22)
