CTF导航 CTF导航

每日安全动态推送(05-27)

渗透技巧 2年前 (2022) admin
654 0 0
Tencent Security Xuanwu Lab Daily News


• NetUSB exploitation part 1: Setting up the environment:
https://blog.security.sea.com/posts/netusb-emulation/

   ・ 基于虚拟机,模拟执行 TP-Link Archer C7 路由器内核 NetUSB 模块 – Jett


• Cannoli: The Fast QEMU Tracer | Margin Research:
https://margin.re/blog/cannoli-the-fast-qemu-tracer.aspx

   ・ Cannoli – 高性能 Trace QEMU 指令和内存操作的引擎 – Jett


• GitHub – gamozolabs/proc_mem_ida_loader: A /proc/mem IDA loader to snapshot a running process:
https://github.com/gamozolabs/proc_mem_ida_loader

   ・ 一款从 /proc/mem 提取进程内存快照导入 IDA 分析的插件 – Jett


• How to Detect TOR Network Connections with Falco:
https://sysdig.com/blog/detect-tor-network-connection-falco/

   ・ 利用 Falco 监控 TOR 的网络连接 – Jett


• CVE-2022-30781:一条普通的 Git 命令导致的 Gitea RCE:
https://tttang.com/archive/1607/

   ・ CVE-2022-30781:一条普通的 Git 命令导致的 Gitea RCE – lanying37


• GitHub – Microsoft/pyright: Static type checker for Python:
https://github.com/Microsoft/pyright

   ・ pyright – 微软开源的 Python 代码静态 type checker – Jett


• [Linux] r/ReverseEngineering – Linux.Nasty: Assembly x64 ELF virus:
https://www.reddit.com/r/ReverseEngineering/comments/uv946w/linuxnasty_assembly_x64_elf_virus/

   ・ Linux.Nasty: Assembly x64 ELF virus – lanying37


• [Virtualization] VirtualBox On Linux Affected By Security Vulnerability Leaking Host Data To Guests:
https://www.phoronix.com/scan.php?page=news_item&px=VirtualBox-Leaky-Host-To-Guest

   ・ Linux 版本 VirtualBox 被发现 Host 向 Guest 泄露数据的漏洞 – Jett


• VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive – Horizon3.ai:
https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/

   ・ VMware 认证 Bypass CVE-2022-22972 漏洞的分析 – Jett


• Retrofitting Temporal Memory Safety on C++:
http://security.googleblog.com/2022/05/retrofitting-temporal-memory-safety-on-c.html

   ・ Google 用内存扫描技术提高 Chrome C++ 代码运行时的安全性 – Jett


• 2nd RCE and XSS in Apache Struts before 2.5.30:
https://mc0wn.blogspot.com/2022/05/2nd-rce-and-xss-in-apache-struts-before-2530.html

   ・ 2nd RCE and XSS in Apache Struts 2.5.0 – 2.5.29 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(05-27)

版权声明:admin 发表于 2022年5月27日 下午12:04。
转载请注明:每日安全动态推送(05-27) | CTF导航

相关文章

开源软件供应链攻击分类
admin
535
DupeFS:利用文件系统去重功能以侧信道攻击的方式泄露用户数据
admin
431
攻防演练 | 红队钓鱼技术剖析与防范
admin
252
CVE-2022-22972 VMware Workspace ONE Access Authentication Bypass RCE
admin
986
从一个奇葩的JWT解密问题到Github 10K star组件的设计缺陷!!!
admin
73
Multiple bugs chained to takeover Facebook Accounts which uses Gmail
admin
333

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
0
Open-Source Intelligence Summit 2024议题慢递
0
NTLM Relaying – Making the Old New Again
0
每日安全动态推送(24/11/4)
0
wuzhicms<=4.1.0后台RCE(0day)
0
每周蓝军技术推送(2024.10.26-11.1)
0
Apache Solr漏洞CVE-2024-45216分析
0
某小型cms漏洞复现审计
0
Distributed RPC Framework RemoteModule has Deserialization RCE in pytorch/pytorch(CVE-2024-48063)
0
JWT(JSON Web Token) 攻击面小结
0