Tencent Security Xuanwu Lab Daily News
• Check Point Research detects vulnerability in the Everscale blockchain wallet, preventing cryptocurrency theft:
https://research.checkpoint.com/2022/check-point-research-detects-vulnerability-in-the-everscale-blockchain-wallet-preventing-cryptocurrency-theft/
・ Everscale 区块链的 Web 版本钱包 Ever Surf 被发现可以通过 XSS 漏洞窃取密钥
– Jett
• KrbRelayUp:
https://github.com/Dec0ne/KrbRelayUp
・ KrbRelayUp – 不开启 LDAP signing 的条件下实现域环境提权
– Jett
• ZoneAlarmLPE:
https://github.com/Wh04m1001/ZoneAlarmLPE
・ ZoneAlarm 反病毒软件目录权限设置不当,可以被用于 SYSTEM 提权
– Jett
• Awesome Cloud Security 云安全资源汇总:
https://github.com/teamssix/awesome-cloud-security
・ 国内云安全资源汇总.
– lanying37
• GitHub – xiaoy-sec/Pentest_Note: 渗透测试常规操作记录:
https://github.com/xiaoy-sec/Pentest_Note
・ 一份非常详细的渗透测试资料
– Jett
• CVE-2022-24521: Analysing and Exploiting the Windows Common Log File System (CLFS) Logical-Error Vulnerability:
https://www.pixiepointsecurity.com/blog/nday-cve-2022-24521.html
・ Windows CLFS 驱动 CVE-2022-24521 漏洞的分析和利用
– Jett
• CodeQL能找到log4shell(CVE-2021-44228)漏洞吗?:
https://tttang.com/archive/1570/
・ CodeQL能找到log4shell(CVE-2021-44228)漏洞吗?
– lanying37
• x64dbg System Breakpoint Explained:
https://youtu.be/vdyyg72tc2w
・ x64dbg 调试系统断点教程视频.
– lanying37
• slides/Old School, New Story–Escape from Hyper-V by Path Traversal.pdf:
https://github.com/474172261/slides/blob/main/Old%20School%2C%20New%20Story–Escape%20from%20Hyper-V%20by%20Path%20Traversal.pdf
・ Old School, New Story–Escape from Hyper-V by Path Traversal,来自 VictorV 在 ZeroCon 2022 会议的演讲
– Jett
• Expanding Apple Ecosystem Access with Open Source, Multi Platform Code Signing:
https://gregoryszorc.com/blog/2022/04/25/expanding-apple-ecosystem-access-with-open-source,-multi-platform-code-signing/
・ apple-codesign – 有研究员实现了一套在非 Apple 系统上运行的 Apple 代码签名工具
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-26)
