Tencent Security Xuanwu Lab Daily News
• Remote code execution bug discovered in the popular JsonWebToken library:
https://securityaffairs.com/140596/hacking/jsonwebtoken-library-rce.html
・ A particularly funny vulnerability report that people have even turned into a meme: https://twitter.com/testanull/status/1612794234314317824
– Atum
• blasty/lexmark:
https://github.com/blasty/lexmark
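・ An RCE vulnerability in the Lexmark MC3224adwe printer, used in the Pwn2Own Toronto 2022 contest. It chains functionality such as file upload, SSRF, file copy, and command injection to finally achieve RCE.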
– crazyman
• [Malware] Automating Malware Analysis Operations (MAOps) – JPCERT/CC Eyes:
https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
・ Automated malware analysis.
– crazyman
• An electromagnetic-wave side-channel issue on ARMv8 AES instructions : netsec:
https://www.reddit.com/r/netsec/comments/1087yf6/an_electromagneticwave_sidechannel_issue_on_armv8/
・ The ARMv8 AES instructions have a side-channel vulnerability that allows the encryption key to be recovered.
– Atum
• Wh04m1001/RazerEoP:
https://github.com/Wh04m1001/RazerEoP
・ RazerEoP: a PoC for arbitrary file deletion/move in the Macro module of Razer Synapse3, which can lead to privilege escalation.
– crazyman
• [Malware] Attackers Are Already Exploiting ChatGPT to Write Malicious Code:
https://www.darkreading.com/attacks-breaches/attackers-are-already-exploiting-chatgpt-to-write-malicious-code
・ With ChatGPT, attackers can write malicious code at zero cost.
– Atum
• KITCTF-CTF-2022:
https://github.com/nimrods8/KITCTF-CTF-2022
・ KITCTF CTF 2022 Koeri Factory [PWN] Writeup
– crazyman
• [Android] README.md:
https://github.com/michalbednarski/LeakValue
・ Exploit code for CVE-2022-20452. It can escalate an installed malicious app to a system app via LazyValue.
– WireFish
• Malware Disguised as a Manuscript Request Letter (Targeting People Working in the National Security Field):
https://asec.ahnlab.com/ko/45537/
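・ The North Korean APT group Kimsuky attacks by delivering malicious macros that use remote template injection, in the form of invitation letters sent to security personnel.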
– crazyman
• RWCTF 5th ShellFind Write-up:
https://mp.weixin.qq.com/s/Wb7SMy8AHtiv71kroHEHsQ
・ Official write-up for RWCTF 5th ShellFind.
– crazyman
• [IoT] Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered:
http://cs.co/60133Tn3x
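・ The Cisco Talos team published details of 3 vulnerabilities found in the Asus RT-AX82U, including an authentication bypass (CVE-2022-35401), an information disclosure (CVE-2022-38105), and a denial of service (CVE-2022-38393).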
– P4nda
* To view or search past pushes, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (1-12)