每日安全动态推送(2-8)

Tencent Security Xuanwu Lab Daily News

• [Wireless] A Survey of Bluetooth Vulnerabilities Trends (2023 Edition):
https://i5c.us/d29522

   ・ 蓝牙漏洞趋势预测。近几年蓝牙漏洞的数量呈上升趋势。 – keenan

• [Tools] BypassAV:
https://github.com/CMEPW/BypassAV

   ・ 一个如何绕过Antivirus的知识思维导图。 – Atum

• [Tools] Attacking and securing Docker containers:
https://infosecwriteups.com/attacking-and-securing-docker-containers-cc8c80f05b5b?source=rss—-7b722bfd1b8d—4

   ・ 常见的 Docker 攻防策略，通俗易懂。 – ThomasonZhao

• Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console : netsec:
https://www.reddit.com/r/netsec/comments/10w5prw/discovering_a_weakness_leading_to_a_partial/

   ・ AWS Console的身份认证次数限制存在缺陷，通过多线程即可提升密码爆破速度。 – keenan

• [Network] Cloudflare’s handling of a bug in interpreting IPv4-mapped IPv6 addresses:
https://blog.cloudflare.com/cloudflare-handling-bug-interpreting-ipv4-mapped-ipv6-addresses/

   ・ 一个很有趣的漏洞，由于golang库和cloudflare黑名单机制的共同问题，导致了cloudflare的worker可以通过构造一个由IPv4扩展而来的IPv6地址来进行SSRF。 – Atum

• r/netsec – NETGEAR Nighthawk upnpd Pre-authentication Buffer Overflow:
https://www.reddit.com/r/netsec/comments/10vy3iq/netgear_nighthawk_upnpd_preauthentication_buffer/

   ・ Netgear R7000P router的upnpd server存在栈溢出漏洞，原因是sprintf的输出buffer长度没有检查。 – keenan

• [Android] Converting Your Android Smartphone into Penetration Testing Device:
https://gbhackers.com/use-android-penetration-testing/

   ・ 讲了如何将Android手机打造成渗透测试的实验设备，并在上面安装nmap，bettercap等工具。 – Atum

• I Built a Self-Destructing USB Drive Part 3:
https://interruptlabs.ca/2023/02/06/I-Built-a-Self-Destructing-USB-Drive-Part-3/

   ・ 讲述如何构建一个自毁的USB设备 – Atum

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(2-8)