CTF导航 CTF导航

每日安全动态推送(04-13)

渗透技巧 3年前 (2022) admin
612 0 0
Tencent Security Xuanwu Lab Daily News


• CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client:
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client

   ・ Windows 版本 AWS VPN Client 被发现 SYSTEM 本地提权漏洞 – Jett


• [Windows] A Syscall Journey in the Windows Kernel:
https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel/

   ・ 探索Windows 内核中的系统调用之旅. – lanying37


• README.md:
https://github.com/trailofbits/maat

   ・ Maat – 一款开源符号执行和二进制分析框架 – Jett


• Understanding and Defending Against Reflective Code Loading on macOS:
https://slyd0g.medium.com/understanding-and-defending-against-reflective-code-loading-on-macos-e2e83211e48f

   ・ Understanding and Defending Against Reflective Code Loading on macOS – Jett


• ByteCodeDL原理篇之手把手教你实现污点分析:
https://tttang.com/archive/1541/

   ・ ByteCodeDL原理篇之手把手教你实现污点分析 – lanying37


• README.md:
https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook

   ・ 区块链黑暗森林自救手册 – Jett


• Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x:
https://devcraft.io/2022/04/04/universal-deserialisation-gadget-for-ruby-2-x-3-x.html

   ・ Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x  – Jett


• A Detailed Guide on AMSI Bypass:
https://www.hackingarticles.in/a-detailed-guide-on-amsi-bypass/

   ・ AMSI Bypass 的多种方法整理 – Jett


• Microsoft Zero-Days, Wormable Bugs Spark Concern:
https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/

   ・ 微软发布 Windows 4 月份漏洞补丁,修复 128 个漏洞,其中 10 个高危 – Jett


• The State of Stalkerware in 2021:
https://securelist.com/the-state-of-stalkerware-in-2021/106193/

   ・ 卡巴斯基对 2021 年间谍监控软件现状的分析报告 – Jett


• [Web] Exploiting XSS with Javascript/JPEG Polyglot:
https://medium.com/@Medusa0xf/exploiting-xss-with-javascript-jpeg-polyglot-4cff06f8201a

   ・ Exploiting XSS with Javascript/JPEG Polyglot  – Jett


• New npm Flaws Let Attackers Better Target Packages for Account Takeover:
https://blog.aquasec.com/npm-supply-chain-attack

   ・ 由于 2FA 认证相关漏洞,NPM 软件包开发者存在 Account Takeover 威胁 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-13)

版权声明:admin 发表于 2022年4月13日 下午12:26。
转载请注明:每日安全动态推送(04-13) | CTF导航

相关文章

利用Cobalt Strike攻击配置文件的力量来逃避 EDR
admin
150
「渗透技巧」利用Fork进程来Dump内存
admin
932
漏洞赏金猎人笔记-GraphQL-III
admin
439
记一次某开源OA代码审计
admin
73
JDK-Xalan的XSLT整数截断漏洞利用构造
admin
521
论如何利用可控参数拼接完成RCE
admin
898

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
0
Open-Source Intelligence Summit 2024议题慢递
0
NTLM Relaying – Making the Old New Again
0
每日安全动态推送(24/11/4)
0
wuzhicms<=4.1.0后台RCE(0day)
0
每周蓝军技术推送(2024.10.26-11.1)
0
Apache Solr漏洞CVE-2024-45216分析
0
某小型cms漏洞复现审计
0
Distributed RPC Framework RemoteModule has Deserialization RCE in pytorch/pytorch(CVE-2024-48063)
0
JWT(JSON Web Token) 攻击面小结
0