CTF导航 CTF导航

每日安全动态推送(03-31)

渗透技巧 3年前 (2022) admin
580 0 0
Tencent Security Xuanwu Lab Daily News


• CVE-2022-22948: Sensitive Information Disclosure in VMware vCenter – Pentera:
https://www.pentera.io/blog/information-disclosure-in-vmware-vcenter/

   ・ VMware vCenter CVE-2022-22948 信息泄露漏洞分析 – Jett


• [PDF] https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf:
https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf

   ・ Wyze Cam IoT 设备被发现认证绕过和栈溢出 RCE 漏洞 – Jett


• Pwning 3CX Phone Management Backends from the Internet | by frycos | Mar, 2022 | Medium:
https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88

   ・ Hacking 3CX电话系统 – Jett


• Spring4Shell: Security Analysis of the latest Java RCE ‘0-day’ vulnerabilities in Spring | LunaSec:
https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/

   ・ LunaSec 对高危 Spring4Shell 漏洞的分析 – Jett


• [IoT] Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All – SentinelOne:
https://www.sentinelone.com/labs/pwning-microsoft-azure-defender-for-iot-multiple-flaws-allow-remote-code-execution-for-all/

   ・ 微软 Azure Defender for IoT 密码还原机制存在漏洞,攻击者可以远程控制设备 – Jett


• GARAGEBAND AND LOGIC:
https://www.atredis.com/blog/2022/03/29/veni-midi-vici-conquering-cve-2022-22657-and-cve-2022-22664

   ・ Fuzz macOS GarageBand 和 Logic Pro X 支持的 MIDI 文件格式 – Jett


• [PDF] https://arxiv.org/pdf/2203.15121.pdf:
https://arxiv.org/pdf/2203.15121.pdf

   ・ PACTIGHT – 基于 ARM Pointer Authentication (PA) 的更严格的控制流劫持防御方案 – Jett


• 【Rootkit 系列研究】序章:悬顶的达摩克利斯之剑:
https://paper.seebug.org/1867/

   ・ 【Rootkit 系列研究】序章:悬顶的达摩克利斯之剑 – lanying37


• Understanding Arm64EC ABI and assembly code:
https://docs.microsoft.com/en-us/windows/uwp/porting/arm64ec-abi

   ・ Windows 11 on Arm Arm64EC ABI Internals – Jett


• GitHub – ptresearch/AttackDetection: Attack Detection:
https://github.com/ptresearch/AttackDetection

   ・ Positive Research 团队开源了他们为开源 IDS/IPS 引擎 Suricata 写的大量漏洞检测规则 – Jett


• Automating DFIR using Cloud services:
https://zawadidone.nl/automating-dfir-using-cloud-services/

   ・ Automating DFIR using Cloud services – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-31)

版权声明:admin 发表于 2022年3月31日 下午12:10。
转载请注明:每日安全动态推送(03-31) | CTF导航

相关文章

web选手入门pwn(15) ——off by null
admin
128
蓝军技术推送(第十五弹)
admin
663
蓝军技术推送——SharpSpray域密码喷射工具、CS内存对抗文章、Openssl Dos
admin
827
别再 –gpu-launcher 了——Chromium 参数注入的利用技巧
admin
1,206
每周蓝军技术推送(2023.9.16-9.22)
admin
219
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
admin
45

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

浙江大学 | MINER:一种用于REST API模糊测试的混合数据驱动方法
0
Visionaries Have Democratised Remote Network Access – Citrix Virtual Apps and Desktops (CVE Unknown)
0
Jupyter Notebook从未授权到GetShell
0
每日安全动态推送(24/11/14)
0
springboot环境下的写文件RCE
0
终端对抗防御逃逸-内存免杀
0
Apache OFBiz 命令执行漏洞分析(CVE-2024-45195、CVE-2024-45507)
0
Resin URL解析特性导致权限认证绕过分析
0
CVE-2024-4956:Nexus Repository 3目录穿越漏洞
0
原创 Paper | CodeQL 入门和基本使用
0