Tencent Security Xuanwu Lab Daily News
• LuaJIT Sandbox Escape: The Saga Ends:
https://0xbigshaq.github.io/2022/12/30/luajit-sandbox-escape/
・ LuaJIT Sandbox Escape: The Saga Ends
– crazyman
• Exploring the World of ESI Injection:
https://infosecwriteups.com/exploring-the-world-of-esi-injection-b86234e66f91?source=rss—-7b722bfd1b8d—4
・ Esi注入相关的几个真实漏洞case study
– xmzyshypnc
• [iOS, macOS] slides/Hexacon_2022_More_Tales_from_the_iOS_macOS_Kernel_Trenches.pdf:
https://github.com/potmdehex/slides/blob/main/Hexacon_2022_More_Tales_from_the_iOS_macOS_Kernel_Trenches.pdf
・ Hexacon 2022会议中《More Tales from the iOS/macOS Kernel Trenches》议题slide,其中提及了CVE-2022-22640、CVE-2022-32821漏洞的原理等详细信息及利用技术。
– P4nda
• Inside the 8086 processor’s instruction prefetch circuitry:
http://www.righto.com/2023/01/inside-8086-processors-instruction.html
・ 介绍 8086 处理器指令预取技术的电路实现
– WireFish
• [Linux, Tools] modreveal:
https://github.com/jafarlihi/modreveal
・ modreveal 找出当前Linux机器的隐藏Linux内核模块的工具
– ThomasonZhao
• [Reverse Engineering] GitHub – moyix/gpt-wpre: Whole-Program Reverse Engineering with GPT-3:
https://github.com/moyix/gpt-wpre
・ 基于Ghidra和GPT-3的辅助逆向工具
– ThomasonZhao
• [IoT, Reverse Engineering] Reverse Engineering and Exploiting an IoT bug : ReverseEngineering:
https://www.reddit.com/r/ReverseEngineering/comments/101iozj/reverse_engineering_and_exploiting_an_iot_bug/
・ Faraday CTF 2022 Write-up,以一道ctf题为例介绍mips架构下的iot漏洞利用技巧,适合初学者学习
– ArisXu
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(1-4)
