CTF导航 CTF导航

每日安全动态推送(12-17)

渗透技巧 2年前 (2021) admin
891 0 0
Tencent Security Xuanwu Lab Daily News


• [Tools] What does your code use, and is it vulnerable? It-depends!:
https://blog.trailofbits.com/2021/12/16/it-depends/

   ・ it-depends – 一款自动化地分析开源代码 Repo 中依赖库的工具,支持 cargo, npm, pip, go, CMake 等语言包工具 – Jett


• Apache Shiro 反序列化漏洞原理详解:
http://blog.topsec.com.cn/apache-shiro-%e5%8f%8d%e5%ba%8f%e5%88%97%e5%8c%96%e6%bc%8f%e6%b4%9e%e5%8e%9f%e7%90%86%e8%af%a6%e8%a7%a3/

   ・ Apache Shiro 反序列化漏洞原理详解 – Jett


• Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions – Check Point Research:
https://research.checkpoint.com/2021/phorpiex-botnet-is-back-with-a-new-twizt-hijacking-hundreds-of-crypto-transactions/

   ・ 消失多年的 Phorpiex Botnet 又出现了 – Jett


• [Android] 2227 – Android: apps have VM_MAYWRITE access to shared zygote JIT mapping – project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2227

   ・ 2227 – Android: apps have VM_MAYWRITE access to shared zygote JIT mapping – Jett


• [Android] Prevent Reverse Engineering (RE) of your Android application:
https://www.securing.pl/en/prevent-reverse-engineering-re-of-your-android-application/

   ・ Android App 逆向分析对抗措施 – Jett


• [Fuzzing, Tools] README.md:
https://github.com/CodeIntelligenceTesting/jazzer

   ・ Jazzer – 基于 libFuzzer 实现的 Fuzz JVM 的工具 – Jett


• RunAsS4U v1.0:
https://github.com/diversenok/NtTools/releases/tag/v1.0-RunAsS4U

   ・ RunAsS4U – 无需密码以其他用户身份执行代码的工具(Windows) – Jett


• Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE:
https://www.thezdi.com/blog/2021/12/15/exploitation-of-cve-2021-21220-from-incorrect-jit-behavior-to-rce

   ・ Pwn2Own 2021 利用 v8 JIT 的问题实现 RCE – Jett


• 从零到一带你深入 log4j2 Jndi RCE CVE-2021-44228漏洞:
http://blog.topsec.com.cn/%e4%bb%8e%e9%9b%b6%e5%88%b0%e4%b8%80%e5%b8%a6%e4%bd%a0%e6%b7%b1%e5%85%a5-log4j2-jndi-rce-cve-2021-44228%e6%bc%8f%e6%b4%9e/

   ・ 从零到一带你深入 log4j2 Jndi RCE CVE-2021-44228漏洞 – Jett


• [iOS] Pegasus vs. Predator Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware:
https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/

   ・ CitizenLab 发布间谍攻击分析报告称,有埃及人的手机同时感染了 NSO Pegasus 和 Cytrox Predator 两款间谍软件 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(12-17)

版权声明:admin 发表于 2021年12月17日 上午4:10。
转载请注明:每日安全动态推送(12-17) | CTF导航

相关文章

Trend Micro Mobile Security 认证绕过/文件上传/文件包含 RCE
admin
47
【未知】Zoho ManageEngine ADSelfService Plus 用户名枚举
admin
618
每周云安全资讯-2022年第52周
admin
347
技术分享|基于图实现 Kubernetes 异常权限检测
admin
39
技术幻影-揭开fscan免杀的面纱
admin
418
CVE-2020-8558-跨主机访问127.0.0.1
admin
553

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

每日安全动态推送(4-18)
0
Weblogic RCE(CVE-2024-21006)
0
OpenClinic GA 5.247.01 – Path Traversal (Authenticated)
0
Jenkins 2.441 – Local File Inclusion
0
Catcher(捕手)
0
CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster
0
PoC Exploit Released for 0-day Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338)
0
Active Directory – Read Only Domain Controller
0
每日安全动态推送(4-16)
0
每日安全动态推送(4-15)
0