Tencent Security Xuanwu Lab Daily News
• Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347):
https://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/
・ U-Boot – USB DFU 中未经检查所接收内容的大小和来源造成堆栈溢出 (CVE-2022-2347)
– crazyman
• [Browser] b3typer – bi0sCTF 2022:
https://blog.bi0s.in/2023/01/23/Pwn/bi0sCTF22-b3typer/
・ bi0sCTF 2022 jsc题目b3typer的offical writeup
– crazyman
• CVE-2022-42864 – Diabolical Cookies:
https://muirey03.blogspot.com/2023/01/cve-2022-42864-diabolical-cookies.html
・ CVE-2022-42864:IOHIDFamily中的一个TOCTOU的writeup和poc
– crazyman
• [Vulnerability] Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers:
https://www.cyberark.com/resources/threat-research-blog/inglourious-drivers-a-journey-of-finding-vulnerabilities-in-drivers
・ 介绍了作者以一种意外的方式发现并找到 WinIO 内核驱动栈溢出漏洞。并展示了利用此漏洞为根基,攻击某外围设备厂商的驱动,并最终执行任意内核代码的全过程。
– ThomasonZhao
• [CTF] idekCTF2022 – Coroutine Writeup:
https://kiprey.github.io/2023/01/idek_coroutine/
・ idekCTF2022 – Pwn题目 Coroutine 的详细Writeup
– crazyman
• [Tools] HTB: UpDown:
https://0xdf.gitlab.io/2023/01/21/htb-updown.html
・ HTB: UpDown Writeup
– crazyman
• [Vulnerability] The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3):
https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-unsafe-unlink-part-4-3-75e00e1b0c68
・ 入门级堆利用教学系列,目前共发布7篇
– ThomasonZhao
• A step-by-step introduction to the use of ROP gadgets to bypass DEP – CYBER GEEKS:
https://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadgets-to-bypass-dep/
・ 手把手教你如何用 ROP 绕过数据执行保护(Data Execution Prevention,DEP)。利用 QuoteDB 在 Windows 平台上进行调试教学。
– ThomasonZhao
• Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”:
https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/
・ 详细分析 TCP/IP RCE(CVE-2022-34718)漏洞包含其逆向补丁,协议的所有细节过程,包括纠正Numen Cyber Labs blog中的一些不准确的地方.并成功实现dos.以及概述讲解如何将原语转换为后续rce的一些步骤
– crazyman
• Attackers Crafted Custom Malware for Fortinet Zero-Day:
https://www.darkreading.com/threat-intelligence/china-based-attacker-crafted-custom-malware-for-fortinet-zero-day
・ 黑客针对 Fortinet 零日漏洞(CVE-2022-42475)制作恶意软件后门:BoldMove
– ThomasonZhao
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(1-31)