每日安全动态推送(2-10)

Tencent Security Xuanwu Lab Daily News

• bi0sCTF/2022 at main · teambi0s/bi0sCTF · GitHub:
https://github.com/teambi0s/bi0sCTF/tree/main/2022

   ・ bi0sCTF 2022 Offical source code && env && sol – crazyman

• priv.pub:
https://priv.pub/posts/dicectf-2023

   ・ DiceCTF 2023 – seaside && vinaigrette offical writeup – crazyman

• CVE-2023-25136 OpenSSH Pre-Auth Double Free Writeup & PoC:
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/

   ・ OpenSSH CVE-2023-25136的漏洞细节和POC – keenan

• [Tools] NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool:
https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor-targets-pakistan-with-advanced-espionage-tool

   ・ NewsPenguin:针对巴基斯坦的新组织使用的植入插件分析 – crazyman

• [原创]CUDA Program Intro and Reverse-软件逆向-看雪论坛-安全社区|安全招聘|bbs.pediy.com:
https://bbs.kanxue.com/thread-275989.htm

   ・ CUDA Program Intro and Reverse – crazyman

• [Vulnerability] CVE-2023-24813 (CVSS score of 10): RCE Flaw in Dompdf Project:
https://securityonline.info/cve-2023-24813-rce-flaw-dompdf-project/

   ・ Dompdf 项目中存在反序列化导致的 RCE 漏洞，该漏洞是因为 CVE-2023-23924 修复不完整导致可以绕过补丁进行攻击。 – ThomasonZhao

• DiceCTF 2023 writeups:
https://blog.ankursundara.com/dicectf23-writeups/

   ・ DiceCTF 2023 – geminiblog && jnotes && impossible-xss offical writeup  – crazyman

• OpenSSL Security Advisory:
https://mta.openssl.org/pipermail/openssl-announce/2023-February/000251.html

   ・ OpenSSL的多个漏洞简报 – keenan

• GitHub – dicegang/dicectf-2023-challenges: All challenges from DiceCTF 2023:
https://github.com/dicegang/dicectf-2023-challenges

   ・ DiceCTF 2023 Offical sourcecode && env && sol – crazyman

• [Browser] Adobe and Microsoft Bring Industry-Leading Acrobat PDF Experience to 1.4 Billion Windows Users through Microsoft Edge:
https://blogs.windows.com/msedgedev/2023/02/08/adobe-acrobat-microsoft-edge-pdf/

   ・ 从 2023 年 3 月开始，Microsoft Edge中将原生嵌入 Acrobat PDF 组件。 – P4nda

• Isn’t C++ fun? : ProgrammerHumor:
https://www.reddit.com/r/programmerhumor/comments/10wur63

   ・ 编译器优化导致未定义行为的meme – keenan

• DiceCTF 2023 Writeups:
https://brycec.me/posts/dicectf_2023_challenges

   ・ DiceCTF 2022 – recursive-csp && unfinished && jwtjail && chess.rs offical writeup  – crazyman

• MISC｜西湖论剑·2022中国杭州网络安全技能大赛初赛官方Write Up:
https://mp.weixin.qq.com/s/t6z7VjlW09b9A3Fv2bt7dA

   ・ MISC｜西湖论剑·2022中国杭州网络安全技能大赛初赛官方Write Up – crazyman

• [Tools, Crypto] FilelessPELoader:
https://github.com/TheD1rkMtr/FilelessPELoader

   ・ 可远程导入加密PE文件到内存中解密并运行，实现无文件加载 – WireFish

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(2-10)