Tencent Security Xuanwu Lab Daily News
• Amarna: Static analysis for Cairo programs:
https://blog.trailofbits.com/2022/04/20/amarna-static-analysis-for-cairo-programs/
・ Amarna – Trail of Bits 开源了一款针对 Cairo 编程语言的静态代码分析工具
– Jett
• CVE-2022-21449: Psychic Signatures in Java:
http://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
・ Java 的数字签名算法(DSA)实现被发现 CVE-2022-21449 漏洞
– Jett
• Resources:
https://github.com/p0larisdev/app
・ iOS 9.x 越狱工具 p0laris 开源
– Jett
• “精”准把握静态分析|科恩二进制文件自动化静态漏洞检测工具正式开源:
https://keenlab.tencent.com/zh/2022/04/20/2022-BinAbsInspector-public-release/
・ 科恩实验室开源二进制文件自动化静态漏洞检测工具 BinAbsInspector
– Jett
• 《Java安全-只有Java安全才能拯救宇宙》:
https://github.com/HackJava/HackJava
・ Java 代码审计资源以及 Java 安全开发方向的资料
– Jett
• [PDF] https://tihmstar.net/slides/atv3-jb.pdf:
https://tihmstar.net/slides/atv3-jb.pdf
・ Jailbreaking the AppleTV 3
– Jett
• GHSL-2022-012: Arbitrary file write during TAR extraction in Apache Hadoop – CVE-2022-26612:
https://securitylab.github.com/advisories/GHSL-2022-012_Apache_Hadoop/
・ Apache Hadoop 在处理 tar 解压文件时存在任意文件写漏洞
– Jett
• Features:
https://github.com/skylot/jadx/releases/tag/v1.3.5
・ 反编译工具 jadx 更新 1.3.5 版本
– Jett
• Writing a Linux Kernel Remote in 2022:
https://blog.immunityinc.com/p/writing-a-linux-kernel-remote-in-2022/
・ Linux 内核 TIPC 远程漏洞的利用(CVE-2022-0435)
– Jett
• Exploit Development: Browser Exploitation on Windows – CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 2) (译文):
https://tttang.com/archive/1557/
・ Exploit Development: Browser Exploitation on Windows – CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 2) (译文)
– lanying37
• SSRF Attack Examples and Mitigations:
https://goteleport.com/blog/ssrf-attacks/
・ SSRF Attack Examples and Mitigations
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-21)
