Daily Security News Push (12-02)

Penetration Techniques · 2 years ago (2021) · admin
Tencent Security Xuanwu Lab Daily News


• GitHub – l0ggg/VMware_vCenter: VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS:
https://github.com/l0ggg/VMware_vCenter

   ・ Arbitrary file read, SSRF, and XSS vulnerabilities in VMware vCenter 7.0.2.00100 – Jett


• GitHub – trailofbits/pip-audit: Audits Python environments and dependency trees for known vulnerabilities:
https://github.com/trailofbits/pip-audit

   ・ pip-audit: a tool that scans the dependencies of a Python environment for known vulnerabilities – Jett


• Tracking a P2P network related to TA505 – NCC Group Research:
https://research.nccgroup.com/2021/12/01/tracking-a-p2p-network-related-with-ta505/

   ・ Tracking a P2P network related to TA505 – Jett


• Azure Privilege Escalation via Azure API Permissions Abuse:
https://posts.specterops.io/azure-privilege-escalation-via-azure-api-permissions-abuse-74aee1006f48

   ・ Azure Privilege Escalation via Azure API Permissions Abuse – Jett


• Project Zero: This shouldn’t have happened: A vulnerability postmortem:
https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html

   ・ Project Zero's Tavis Ormandy found a memory corruption vulnerability in the Mozilla NSS cryptographic library – Jett


• Jumping the air gap: 15 years of nation‑state effort | WeLiveSecurity:
https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/

   ・ ESET researchers' analysis of the frameworks used to cross air gaps in publicly known attacks over the past 15 years – Jett


• Where in the World is Carmen Sandiego: Abusing Location Services on macOS | by Justin Bui | Dec, 2021 | Medium:
https://medium.com/@slyd0g/where-in-the-world-is-carmen-sandiego-abusing-location-services-on-macos-10e9f4eefb71

   ・ Abusing Location Services on macOS – Jett


• TALOS-2021-1352 || Cisco Talos Intelligence Group – Comprehensive Threat Intelligence:
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1352

   ・ Google Chrome Blink setBaseAndExtent use after free vulnerability – Jett


• Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon:
https://palisade.consulting/blog/tld-hacking

   ・ Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon – Jett


* To view or search past digests, visit:
https://sec.today

* Sina Weibo account: Tencent Security Xuanwu Lab
https://weibo.com/xuanwulab


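Originally published on the WeChat official account (Tencent Security Xuanwu Lab): Daily Security News Push (12-02)

Copyright notice: posted by admin on December 2, 2021 at 4:26 AM.
When reposting, please credit: Daily Security News Push (12-02) | CTF导航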
