CTF导航 CTF导航

每日安全动态推送(04-12)

渗透技巧 3年前 (2022) admin
653 0 0
Tencent Security Xuanwu Lab Daily News


• Tech Community Live: Windows security:
https://youtu.be/xvzM1xRFfmY

   ・ 技术社区在线会议视频:探讨Windows11的安全问题 – lanying37


• Automatically extracting static antivirus signatures:
https://blog.scrt.ch/2022/04/05/automatically-extracting-static-antivirus-signatures/

   ・ 自动化提取防病毒软件的静态检测特征以实现检测逃逸 – Jett


• 漂亮侧信道:从timeless attack到pipeline的放大攻击:
https://mp.weixin.qq.com/s/N6CWX9ZVnbyeYBIibwb0SA

   ・ 漂亮侧信道:从timeless attack到pipeline的放大攻击 – Jett


• [Linux] Introduction to Exploit Development:
https://samsclass.info/127/ED_2020.shtml

   ・ Introduction to Exploit Development – lanying37


• CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware:
https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html

   ・ 趋势对 Spring4Shell CVE-2022-22965 漏洞真实攻击样本的分析 – Jett


• AWS RDS Vulnerability Leads to AWS Internal Service Credentials:
https://blog.lightspin.io/aws-rds-critical-security-vulnerability

   ・ 利用 AWS RDS EC2 实例的本地文件读漏洞窃取 AWS 内部服务的密钥 – Jett


• NTLMquic:
https://blog.xpnsec.com/ntlmquic/

   ・ Windows 支持的 SMB over QUIC 在攻击中的使用 – Jett


• Meta’s SparkAR RCE Via ZIP Path Traversal:
https://blog.fadyothman.com/metas-sparkar/

   ・ Meta 的 Spark AR Windows 应用被发现 RCE 漏洞 – Jett


• [PDF] https://shadowmydx.github.io/papers/icse22-main-1314.pdf:
https://shadowmydx.github.io/papers/icse22-main-1314.pdf

   ・ One Fuzzing Strategy to Rule Them All(Paper) – Jett


• [Windows] Chief Information Security Officer (CISO) Workshop – Security documentation:
http://ow.ly/8Dwu30qKq7J

   ・ 微软推出的 CISO Workshop 培训的资料 – Jett


• Pwning the bcm61650 – The Cave:
https://blog.xilokar.info/pwning-the-bcm61650.html

   ・ Pwning the bcm61650 – Jett


• Semgrep ruleset for C/C++ vulnerability research:
https://security.humanativaspa.it/semgrep-ruleset-for-c-c-vulnerability-research/

   ・ Semgrep ruleset for C/C++ vulnerability research – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-12)

版权声明:admin 发表于 2022年4月12日 下午12:28。
转载请注明:每日安全动态推送(04-12) | CTF导航

相关文章

【最新漏洞预警】CVE-2022-23134 Zabbix漏洞分析之二:从未授权访问到接管后台
admin
3,059
Persistence – Visual Studio Code Extensions
admin
36
web选手简单二进制(下篇)
admin
669
木鱼cms 审计小结
admin
351
倔强的web狗-记一次C/S架构渗透测试
admin
41
Facebook代码执行实现命令注入敏感信息泄露
admin
39

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
0
Open-Source Intelligence Summit 2024议题慢递
0
NTLM Relaying – Making the Old New Again
0
每日安全动态推送(24/11/4)
0
wuzhicms<=4.1.0后台RCE(0day)
0
每周蓝军技术推送(2024.10.26-11.1)
0
Apache Solr漏洞CVE-2024-45216分析
0
某小型cms漏洞复现审计
0
Distributed RPC Framework RemoteModule has Deserialization RCE in pytorch/pytorch(CVE-2024-48063)
0
JWT(JSON Web Token) 攻击面小结
0