Tencent Security Xuanwu Lab Daily News
• G.O.S.S.I.P 学术论文推荐 2022-03-10 OpenBSD/Firefox 漏洞演化史:
https://mp.weixin.qq.com/s/GvD1b9Lb6VLZQht7c0YMsw
・ G.O.S.S.I.P 学术论文推荐 2022-03-10 OpenBSD/Firefox 漏洞演化史
– Jett
• veinmind-tools:
https://github.com/chaitin/veinmind-tools
・ veinmind-tools – 长亭科技开源的容器安全工具集
– Jett
• GitHub 安装:
https://github.com/xiecat/goblin
・ Goblin – 一款适用于红蓝对抗中的仿真钓鱼系统
– Jett
• syscall的前世今生:
https://tttang.com/archive/1464/
・ 探究syscall的前世今生.
– lanying37
• VMware Authorisation Service-converted.pdf:
https://drive.google.com/file/d/1O1QoNVmFCiNUFDbAp3RtrBbg2O532txU/view?usp=sharing
・ 有研究员公开了一个 VMware Workstation/Player Host 本地提权漏洞的细节
– Jett
• macOS Red Teaming: Bypass TCC with old apps:
https://wojciechregula.blog/post/macos-red-teaming-bypass-tcc-with-old-apps/
・ macOS Red Teaming: Bypass TCC with old apps
– Jett
• jiangsir404/POC-S:
https://github.com/jiangsir404/POC-S
・ 用于红蓝对抗中快速验证 Web 应用漏洞的工具
– Jett
• [Tools] GitHub – Accenture/VulFi:
https://github.com/Accenture/VulFi
・ VulFi – 一款用于辅助在 IDA Pro 中挖掘漏洞的插件
– Jett
• [Windows] Exploiting a use-after-free in Windows Common Logging File System (CLFS):
https://blog.exodusintel.com/2022/03/10/exploiting-a-use-after-free-in-windows-common-logging-file-system-clfs/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-a-use-after-free-in-windows-common-logging-file-system-clfs
・ Windows CLFS 文件系统驱动 clfs.sys UAF 漏洞的利用
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-11)