CTF导航 CTF导航

每日安全动态推送(08-11)

渗透技巧 2年前 (2022) admin
434 0 0
Tencent Security Xuanwu Lab Daily News


• How to Attack and Remediate Excessive Network Share Permissions in Active Directory Environments:
https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares/

   ・ Active Directory 环境网络共享配置权限不当问题的分析和利用 – Jett


• Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research:
https://portswigger.net/research/browser-powered-desync-attacks

   ・ Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling  – Jett


• Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco:
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html

   ・ 思科 Talos Lab 对思科 5 月份被黑事件的分析 – Jett


• The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I):
https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html

   ・ Linux 内核 GC 漏洞(CVE-2021-0920)的分析,该漏洞已有野外利用 – Jett


• building:
https://github.com/d4rckh/gorilla

   ・ gorilla – 用于生成密码字段的工具 – Jett


• [PDF] https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf:
https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf

   ・ LibAFL: A Framework to Build Modular and Reusable Fuzzers  – Jett


• [Vulnerability] CVE-2022-22252: Huawei HWLog Vmalloc Use-After-Free:
https://labs.taszk.io/blog/post/79_hw_hwlog_uaf/

   ・ CVE-2022-22252: Huawei HWLog Vmalloc Use-After-Free – Jett


• From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager:
https://srcincite.io/blog/2022/08/09/from-shared-dash-to-root-bash-pre-authenticated-rce-in-vmware-vrealize-operations-manager.html

   ・ VMWare vRealize Operations Manager Pre-Authenticated RCE 漏洞的分析 – Jett


• [Tools] Microsoft Office to publish symbols starting August 2022:
https://msrc-blog.microsoft.com/2022/08/08/microsoft-office-to-publish-symbols-starting-august-2022/

   ・ 8 月份开始,微软将公开 Office 的调试符号 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(08-11)

版权声明:admin 发表于 2022年8月11日 下午12:39。
转载请注明:每日安全动态推送(08-11) | CTF导航

相关文章

K8s环境下的污点横移
admin
653
Beacon C2Profile 解析
admin
587
Java安全攻防之老版本Fastjson的一些不出网利用
admin
836
反诈红队之Bypass宝塔TP5 RCE实战
admin
1,472
每日安全动态推送(02-08)
admin
600
从DirtyPipe到Docker逃逸
admin
953

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
0
Open-Source Intelligence Summit 2024议题慢递
0
NTLM Relaying – Making the Old New Again
0
每日安全动态推送(24/11/4)
0
wuzhicms<=4.1.0后台RCE(0day)
0
每周蓝军技术推送(2024.10.26-11.1)
0
Apache Solr漏洞CVE-2024-45216分析
0
某小型cms漏洞复现审计
0
Distributed RPC Framework RemoteModule has Deserialization RCE in pytorch/pytorch(CVE-2024-48063)
0
JWT(JSON Web Token) 攻击面小结
0