CTF导航 CTF导航

每日安全动态推送(03-14)

渗透技巧 3年前 (2022) admin
430 0 0
Tencent Security Xuanwu Lab Daily News


• [PDF] https://grsecurity.net/Compilers_The_Old_New_Security_Frontier_BlueHat_IL_2022.pdf:
https://grsecurity.net/Compilers_The_Old_New_Security_Frontier_BlueHat_IL_2022.pdf

   ・ Compilers: The Old New Security Frontier,来自 Bluehat 2022 会议的演讲 – Jett


• [CTF] Writing Anti-Anti-Virus Exploit (AuViel – Hayyim CTF 2022):
https://ptr-yudai.hatenablog.com/entry/2022/02/13/122744

   ・ Hayyim CTF 2022 比赛 ClamAV 漏洞 writeup – Jett


• [Browser] Exploit Development: Browser Exploitation on Windows – CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1):
https://connormcgarr.github.io/type-confusion-part-1/

   ・ Microsoft Edge CVE-2019-0567 类型混淆漏洞的利用过程 – Jett


• Understanding the booting process of a computer and trying to write own operating system. – de engineering:
https://de-engineer.github.io/Understanding-booting-process-and-writing-own-os/

   ・ 操作系统的启动过程 – Jett


• efiSeek for Ghidra:
https://github.com/retrage/efiSeek/tree/efi-xplorer

   ・ Ghidra analyzer for UEFI firmware – Jett


• Reverse Engineering a Netgear Nday | StarkeBlog:
https://nstarke.github.io/netgear/nday/2022/03/13/reverse-engineering-a-netgear-nday.html

   ・ Netgear 路由器 CVE-2021-34979 漏洞的分析 – Jett


• GitHub – jkctech/Telegram-Trilateration: Proof of concept for abusing Telegram’s “People Near Me” feature and tracking people’s location:
https://github.com/jkctech/Telegram-Trilateration

   ・ 滥用 Telegram 的 “People Near Me” 特性实现位置跟踪 – Jett


• [Tools] FirmWire:
https://github.com/FirmWire/FirmWire

   ・ FirmWire – 基带固件分析平台,支持 Samsung 和 MediaTek – Jett


• GitHub – fingerprintjs/blog-nojs-fingerprint-demo: A demo for the no-JavaScript fingerprinting article:
https://github.com/fingerprintjs/blog-nojs-fingerprint-demo

   ・ 不依赖 JavaScript 和 Cookie 构建用户指纹 – Jett


• [BugTales] Exploiting CSN.1 Bugs in MediaTek Basebands:
https://labs.taszk.io/articles/post/mtk_baseband_csn1_exploitation/

   ・ Exploiting CSN.1 Bugs in MediaTek Basebands – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-14)

版权声明:admin 发表于 2022年3月14日 下午1:33。
转载请注明:每日安全动态推送(03-14) | CTF导航

相关文章

红队技巧 | 持久化攻击(绕过AMSI)
admin
1,120
SRC挖掘 – IDOR万元赏金的打怪升级之路
admin
20
Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver
admin
288
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)
admin
576
致远OA_ofd解压漏洞安全补丁分析
admin
639
CVE-2021-30955 PoC
admin
483

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

浙江大学 | MINER:一种用于REST API模糊测试的混合数据驱动方法
0
Visionaries Have Democratised Remote Network Access – Citrix Virtual Apps and Desktops (CVE Unknown)
0
Jupyter Notebook从未授权到GetShell
0
每日安全动态推送(24/11/14)
0
springboot环境下的写文件RCE
0
终端对抗防御逃逸-内存免杀
0
Apache OFBiz 命令执行漏洞分析(CVE-2024-45195、CVE-2024-45507)
0
Resin URL解析特性导致权限认证绕过分析
0
CVE-2024-4956:Nexus Repository 3目录穿越漏洞
0
原创 Paper | CodeQL 入门和基本使用
0