每日安全动态推送(03-22)

Tencent Security Xuanwu Lab Daily News

• [Pentest] Unconstrained Delegation:
https://pentestlab.blog/2022/03/21/unconstrained-delegation/

   ・ Windows Kerberos 认证之 Unconstrained Delegation 研究 – Jett

• BlueHat IL 2022:
https://www.youtube.com/watch?v=BVBuADTsiG4&list=PLnWGkkkDVeqiTAdYxmGJnAGpjSNRSKwKm&index=4

   ・ BlueHat IL 2022 会议的视频公开了 – Jett

• Teaclave: A Universal Secure Computing Platform:
https://github.com/apache/incubator-teaclave

   ・ Apache Teaclave – Apache 开源的通用安全计算平台 – Jett

• Browser-in-the-Browser Attack Makes Phishing Nearly Invisible:
https://threatpost.com/browser-in-the-browser-attack-makes-phishing-nearly-invisible/179014/

   ・ Browser-in-the-Browser 钓鱼攻击 – Jett

• awesome-llvm-security:
https://github.com/gmh5225/awesome-llvm-security

   ・ LLVM 安全相关的资料收集 – Jett

• 3D GPU: 加速QEMU逃逸:
https://vul.360.net/archives/368

   ・ 3D GPU: 加速QEMU逃逸 – Jett

• [Firmware] UEFI Firmware Vulnerabilities: Past, Present and Future:
https://github.com/binarly-io/Research_Publications/tree/main/OffensiveCon_2022

   ・ BINARLY Labs 在 OffensiveCon 2022 会议的演讲 PPT “UEFI Firmware Vulnerabilities: Past, Present and Future” – Jett

• 针对Exchange的攻击方式:
https://tttang.com/archive/1487/

   ・ 针对Exchange的攻击方式 – lanying37

• Reversing embedded device bootloader (U-Boot) – p.2:
https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2/

   ・ Reversing embedded device bootloader (U-Boot) – p.2 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(03-22)