每日安全动态推送(05-25)

渗透技巧 3年前 (2022) admin
825 0 0
Tencent Security Xuanwu Lab Daily News


• Exploiting a Use-After-Free for code execution in every version of Python 3[译文]:
https://tttang.com/archive/1601/

   ・ Exploiting a Use-After-Free for code execution in every version of Python 3[译文] – lanying37


• Expanding the Dragon: Adding an ISA to Ghidra:
https://trenchant.io/expanding-the-dragon-adding-an-isa-to-ghidra/

   ・ 为 Ghidra 增加对一种新的 ISA 指令架构的支持 – Jett


• A Kernel Hacker Meets Fuchsia OS:
https://a13xp0p0v.github.io/2022/05/24/pwn-fuchsia.html

   ・ 研究员 Alexander Popov 对 Fuchsia 操作系统的安全研究 – Jett


• Weaponizing dirtypipe on android – Google Slides:
https://docs.google.com/presentation/d/1Tq00gy1GtiK0OvNYOy_kCz0er9ZECBXGoy5Lfy5MD3M/mobilepresent#slide=id.p

   ・ Linux DirtyPipe 漏洞在 Android 平台的利用 – Jett


• 2254 – Zoom: Remote Code Execution with XMPP Stanza Smuggling – project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2254

   ・ Zoom XMPP 协议处理 RCE 漏洞分析,漏洞触发不需要用户参与,来自 Project Zero – Jett


• The new Component Filter mitigation:
https://big5-sec.github.io/posts/component-filter-mitigation/

   ・ Windows 内核 Component Filter Mitigation 的实现机制研究 – Jett


• Offensive Windows IPC Internals 3: ALPC · csandker.io:
https://csandker.io/2022/05/24/Offensive-Windows-IPC-3-ALPC.html

   ・ 从安全的角度研究 Windows ALPC 的内幕 – Jett


• Finding Bugs in Windows Drivers, Part 1 – WDM:
https://www.cyberark.com/resources/threat-research-blog/finding-bugs-in-windows-drivers-part-1-wdm

   ・ Windows WDM 驱动漏洞挖掘 – Jett


• Tetragone: A Lesson in Security Fundamentals:
https://grsecurity.net/tetragone_a_lesson_in_security_fundamentals

   ・ 近期开源的 Tetragon 工具基于 eBPF 提供内核层面的漏洞攻击检测能力,grsecurity 研究员实际测试并发现 Tetragon 存在一些缺陷 – Jett


• [Crypto] Secure Messaging Apps and Group Protocols, Part 1:
http://blog.quarkslab.com/secure-messaging-apps-and-group-protocols-part-1.html

   ・ Quarkslab 对即时通讯软件端到端加密机制的分析 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(05-25)

版权声明:admin 发表于 2022年5月25日 上午11:56。
转载请注明:每日安全动态推送(05-25) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...