CTF导航 CTF导航

每日安全动态推送(06-17)

渗透技巧 2年前 (2022) admin
827 0 0
Tencent Security Xuanwu Lab Daily News


• [Windows, Vulnerability] That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability:
https://www.cyberark.com/resources/threat-research-blog/that-pipe-is-still-leaking-revisiting-the-rdp-named-pipe-vulnerability

   ・ RDP 命名管道权限设置不当漏洞分析(CVE-2022-24533) – Jett


• Reverse Engineering Flutter Apps | Guardsquare:
https://www.guardsquare.com/blog/current-state-and-future-of-reversing-flutter-apps

   ・ Flutter Apps 的逆向 – Jett


• Secure Messaging Apps and Group Protocols, Part 2:
http://blog.quarkslab.com/secure-messaging-apps-and-group-protocols-part-2.html

   ・ 端到端加密通信 App 如何实现群聊消息的安全,来自 QuarksLab – Jett


• DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach:
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/

   ・ DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach – Jett


• Zero Day Initiative — CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack:
https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack

   ・ 利用 FreeBSD Wi-Fi 协议栈的堆溢出漏洞实现 RCE(CVE-2022-23088) – Jett


• [Android] The Android kernel mitigations obstacle race:
https://github.blog/2022-06-16-the-android-kernel-mitigations-obstacle-race/

   ・ 利用 Qualcomm GPU 驱动的 UAF 漏洞实现 Samsung Z flip 3 root 提权、禁用 SELinux  – Jett


• iOS 16 – restricted Userclients:
https://saaramar.github.io/ios16_restricted_iouserclients/

   ・ iOS 16 版本 IOSurface 攻击面缓解的一些变化 – Jett


• WMI攻守之道:
https://tttang.com/archive/1624/

   ・ WMI攻守之道 – lanying37


• VED (Vault Exploit Defense) – Linux kernel threat detection and prevention system:
https://github.com/hardenedvault/ved

   ・ VED – Linux 内核威胁检测和防御系统 – Jett


• Guide to Reversing and Exploiting iOS binaries Part 2: ARM64 ROP Chains:
https://www.inversecos.com/2022/06/guide-to-reversing-and-exploiting-ios.html

   ・ iOS 平台 ARM64 ROP 利用链 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(06-17)

版权声明:admin 发表于 2022年6月17日 上午11:17。
转载请注明:每日安全动态推送(06-17) | CTF导航

相关文章

DAPP: 自动检测并分析 NodeJS 模块原型漏洞
admin
326
百卓智能S85F管理平台RCE-POC
admin
212
Cobaltstrike狩猎与对抗
admin
726
原创 Paper | VxWorks 启动流程及溢出测试分析
admin
32
Bitbucket Attack Vector
admin
49
帝国CMS梅开二度代码审计(文件删除+重装写入)
admin
235

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

浙江大学 | MINER:一种用于REST API模糊测试的混合数据驱动方法
0
Visionaries Have Democratised Remote Network Access – Citrix Virtual Apps and Desktops (CVE Unknown)
0
Jupyter Notebook从未授权到GetShell
0
每日安全动态推送(24/11/14)
0
springboot环境下的写文件RCE
0
终端对抗防御逃逸-内存免杀
0
Apache OFBiz 命令执行漏洞分析(CVE-2024-45195、CVE-2024-45507)
0
Resin URL解析特性导致权限认证绕过分析
0
CVE-2024-4956:Nexus Repository 3目录穿越漏洞
0
原创 Paper | CodeQL 入门和基本使用
0