Tencent Security Xuanwu Lab Daily News
• [CTF] 2022 年 CTF Web 前端與 JS 題總結:
https://blog.huli.tw/2022/12/26/ctf-2022-web-js-summary/
・ 2022年CTF Web前端与JS题目总结
– crazyman
• [Reverse Engineering] Reverse Engineering TikTok’s VM Obfuscation (Part 2) : ReverseEngineering:
https://www.reddit.com/r/ReverseEngineering/comments/107fqih/reverse_engineering_tiktoks_vm_obfuscation_part_2/
・ TikTok的VMP保护分析
– Atum
• RealWorld CTF 5th – realwrap:
https://github.com/iczc/rwctf-5th-realwrap
・ RealWorld CTF 5th 区块链挑战- realwrap Writeup
– crazyman
• [Fuzzing, Tools] fuzztruction: an academic prototype of a fuzzer:
https://securityonline.info/fuzztruction-an-academic-prototype-of-a-fuzzer/
・ 一种新的fuzzer设计,相比于常见的对数据进行变异思路,本文提出一种对生成器的行为进行变异(错误注入)的思路。这样生成的数据可在结构上保持大部分合法性。
– WireFish
• CVE-2022-43473 ZOHO ManageEngine OpManager XXE注入:
https://da22le.github.io/cve-2022-43473-zoho-manageengine-opmanager-xxe%E6%B3%A8%E5%85%A5/
・ CVE-2022-43473 ZOHO ManageEngine OpManager XXE注入
– crazyman
• [Tools] How I fuzz and hack APIs?:
https://rashahacks.com/how-i-fuzz-and-hack-api/
・ 关于如何fuzz http api的思考
– ArisXu
• [Android, Malware] StrongPity espionage campaign targeting Android users | WeLiveSecurity:
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/
・ StrongPity APT组织使用木马化的telegram软件模仿Shagle 应用程序进行水坑攻击
– crazyman
• CVE-2022-31705:
https://github.com/s0duku/cve-2022-31705
・ VMware Workstation Heap OOB 漏洞POC。
– Atum
• [Linux] 2391 – Linux >=4.10: UAF in __do_semtimedop() due to lockless check outside RCU section – project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2391
・ Linux Kernel UAF漏洞细节,该漏洞是由于加锁逻辑实现问题,导致可以通过条件竞争造成UAF漏洞。
– P4nda
• [Real World CTF 2023] The cult of 8 bit:
https://sh1yo.art/ctf/thecultof8bit/
・ [Real World CTF 2023] The cult of 8 bit 利用xsleak的一个非预期解法的writeup
– crazyman
• RWCTF 2023 NonHeavyFTP writeup:
https://f0cus77.github.io/RWCTF-2023-NonHeavyFTP-writeup/
・ RWCTF2023 NonHeavyFTP的writeup,本题令选手尝试在比赛过程中挖掘开源FTPServer lightftp的race codition 0day漏洞并加以利用。
– Atum
• Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions:
https://thehackernews.com/2023/01/hackers-distributing-malicious-visual.html
・ VSCode扩展可以被用作攻击向量RCE开发者的电脑。
– Atum
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(1-11)
