Tencent Security Xuanwu Lab Daily News
• USMA:用户态映射攻击:
https://vul.360.net/archives/391?continueFlag=2065c4d6bed3a8e7a80c495d7066e013
・ Linux 内核 USMA 用户态映射攻击
– Jett
• Privileged pod escalations in Kubernetes and GKE:
http://security.googleblog.com/2022/05/privileged-pod-escalations-in.html
・ Kubernetes/GKE 环境中特权 Pod 被用于作为跳板实现提权
– Jett
• Safari WebGL XFB Use After Free Vulnerability:
https://github.com/theori-io/CVE-2022-26717-Safari-WebGL-Exploit
・ Safari WebGL XFB UAF 漏洞(CVE-2022-26717)PoC
– Jett
• [Tools] Apihashes v2 IDA plugin:
https://github.com/KasperskyLab/Apihashes
・ Apihashes – 卡巴斯基开源的用于识别 API 函数名已知 Hash 的插件
– Jett
• Exploiting Cisco RV340 router at Pwn2Own Austin 2021:
https://blog.security.sea.com/posts/pwn2own-2021-rv340/
・ Pwn2Own 2021 Cisco RV340 路由器被攻击的细节
– Jett
• 《深入理解CodeQL》:
https://github.com/ASTTeam/CodeQL
・ 代码分析工具 CodeQL 相关的资料整理
– Jett
• Constrained Delegation Considerations for Lateral Movement:
https://sensepost.com/blog/2022/constrained-delegation-considerations-for-lateral-movement/
・ Constrained Delegation Considerations for Lateral Movement
– Jett
• windows环境下的自保护探究:
https://tttang.com/archive/1584/
・ windows环境下的自保护探究
– lanying37
• [Tools] [PDF] https://www.cs.ucr.edu/~zhiyunq/pub/icse22_dependency_measurement.pdf:
https://www.cs.ucr.edu/~zhiyunq/pub/icse22_dependency_measurement.pdf
・ Demystifying the Dependency Challenge in Kernel Fuzzing(Paper),研究由于内核状态不好控制导致部分代码未被触发的问题
– Jett
• Finding And Exploiting Bugs In TLS Libraries Used By “Smart” UPS Devices by Yuval Sarel and Gal Levy:
https://youtu.be/tUhMgPia68I
・ 智能 UPS 设备使用的 TLS 库的漏洞的挖掘和利用
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(05-19)
