每日安全动态推送(04-11)

渗透技巧 3年前 (2022) admin
649 0 0
Tencent Security Xuanwu Lab Daily News


• airtag/woot22-paper.pdf:
https://github.com/seemoo-lab/airtag/blob/main/woot22-paper.pdf

   ・ 提取并修改 AirTag 的固件,定制自己的 AirTag – Jett


• Google is on guard: sharks shall not pass!:
https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/

   ・ Checkpoint 研究团队在 Google Play 市场发现一个伪装称反病毒 App 的 Android Stealer – Sharkbot – Jett


• Chrome Mojo组件的沙箱逃逸漏洞分析:
https://mp.weixin.qq.com/s/tGwCwOQ8eAwm26fHXTCy5A

   ・ Chrome Mojo 组件的沙箱逃逸漏洞分析 – Jett


• 源码层面梳理Java RMI交互流程:
https://tttang.com/archive/1530/

   ・ 源码层面梳理Java RMI交互流程 – lanying37


• In the land of PHP you will always be (use-after-)free:
https://adepts.of0x.cc/challenge01-php-uaf/

   ・ Exploiting a User-After-Free on PHP to bypass disable_functions – Jett


• Firewall analysis: A portable graph based approach:
https://diablohorn.com/2022/04/09/firewall-analysis-a-portable-graph-based-approach/

   ・ 防火墙分析: 使用图形化的工具方法。 – lanying37


• [iOS] CVE-2021-30737, @xerub’s 2021 iOS ASN.1 Vulnerability:
https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html

   ・ Project Zero 对 iOS ASN.1 Parser CVE-2021-30737 漏洞的分析 – Jett


• QEMU QXL Integer overflow leads to Heap Overflow:
https://starlabs.sg/advisories/21-4206/

   ・ QEMU QXL Integer overflow leads to Heap Overflow – Jett


• CVE-2022-26381: Gone by others! Triggering a UAF in Firefox:
https://www.thezdi.com/blog/2022/4/7/cve-2022-26381-gone-by-others-triggering-a-uaf-in-firefox

   ・ CVE-2022-26381: Gone by others! Triggering a UAF in Firefox – Jett


• Improving software supply chain security with tamper-proof builds:
http://security.googleblog.com/2022/04/improving-software-supply-chain.html

   ・ Google 提出利用 Build 验证链的方式解决 Build 服务器被黑导致的供应链安全问题 – Jett


• Frida Internal – Part 2: 核心组件 frida-core:
https://evilpan.com/2022/04/09/frida-core/

   ・ Frida Internal – Part 2: 核心组件 frida-core – Jett


• Analysis of CVE-2022-21882 “Win32k Window Object Type Confusion Exploit”:
https://www.coresecurity.com/core-labs/articles/analysis-cve-2022-21882-win32k-window-object-type-confusion-exploit

   ・ Analysis of CVE-2022-21882 “Win32k Window Object Type Confusion Exploit” – Jett


• Linux下无文件Java agent探究:
https://tttang.com/archive/1525/

   ・ Linux下无文件Java agent探究 – lanying37


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-11)

版权声明:admin 发表于 2022年4月11日 下午12:21。
转载请注明:每日安全动态推送(04-11) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...