Tencent Security Xuanwu Lab Daily News
• New Research Paper: Pre-hijacking Attacks on Web User Accounts:
https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/
・ New Research Paper: Pre-hijacking Attacks on Web User Accounts
– Jett
• [Android, Browser] Protecting Android users from 0-Day attacks:
https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/
・ Some Android 0-day vulnerabilities observed by the Google TAG team in 2021
– Jett
• security_update_20220523:
https://github.com/alibaba/fastjson/wiki/security_update_20220523
・ Fastjson 1.2.80 and earlier allow bypassing the restriction that autoType is disabled by default, leading to remote code execution
– Jett
• Beneath the surface: Uncovering the shift in web skimming:
https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/
・ Code obfuscation techniques seen in recent web skimming attacks
– Jett
• Revisiting a Credential Guard Bypass:
https://itm4n.github.io/credential-guard-bypass/
・ Revisiting a Credential Guard Bypass
– Jett
• Basics: the gcc compilation process:
https://tttang.com/archive/1595/
・ AFL fuzzer source code analysis (1): compilation
– lanying37
• [Windows] Windows Kernel Driver in Rust (Rusty Rootkit) for Red Teamers:
https://github.com/memN0ps/eagle-rs/
・ A Windows kernel driver written in Rust, aimed at red teams
– Jett
• Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG:
https://connormcgarr.github.io/hvci/
・ Exploiting vulnerabilities in environments with virtualization-based security (VBS), HVCI, and kernel CFG enabled
– Jett
• Math.abs JIT Optimization Bug in JSC:
https://vul.360.net/archives/397
・ Analysis of CVE-2021-30953, the Safari JavaScriptCore Math.abs JIT vulnerability from the 2021 Tianfu Cup
– Jett
• IEEE S&P 2022 remote coverage (1):
https://mp.weixin.qq.com/s/yRKjJHaxYnZgxr6gMjem4Q
・ Remote coverage of the IEEE S&P 2022 conference by the GOSSIP research group at Shanghai Jiao Tong University
– Jett
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (05-24)