Tencent Security Xuanwu Lab Daily News
• cargo-libafl:
https://github.com/AFLplusplus/cargo-libafl
・ cargo-libafl – Fuzz Rust code with LibAFL
– Jett
• tmp.0ut:
https://tmpout.sh/2/
・ tmp.0ut magazine, issue 2
– Jett
• The AMD Branch (Mis)predictor: Just Set it and Forget it!:
https://grsecurity.net/amd_branch_mispredictor_just_set_it_and_forget_it
・ Details of the AMD CPU branch predictor and related security attack-and-defense work
– Jett
• [PDF] https://redhuntlabs.com/wp-content/uploads/2022/02/A-Practical-Guide-to-Attacking-JWT-JSON-Web-Tokens.pdf:
https://redhuntlabs.com/wp-content/uploads/2022/02/A-Practical-Guide-to-Attacking-JWT-JSON-Web-Tokens.pdf
・ A Practical Guide to Attacking JWT JSON Web Tokens
– Jett
• [iOS, Web] 1230444 – Cross-site information leak – Leaking cross-origin redirect destination URI due to CORS (iOS) – chromium:
https://crbug.com/1230444
・ Issue 1230444: Cross-site information leak – Leaking cross-origin redirect destination URI due to CORS (iOS)
– Jett
• NFT Investors Lose $1.7M in OpenSea Phishing Attack:
https://threatpost.com/nft-investors-lose-1-7m-in-opensea-phishing-attack/178558/
・ Attackers stole $1.7 million from 17 investors on the OpenSea NFT marketplace
– Jett
• Shadow Credentials (translation):
https://tttang.com/archive/1440/
・ Shadow Credentials (translation)
– lanying37
• [Linux] [PDF] https://gangw.cs.illinois.edu/ndss22-linux.pdf:
https://gangw.cs.illinois.edu/ndss22-linux.pdf
・ An In-depth Analysis of Duplicated Linux Kernel Bug Reports (Paper)
– Jett
• Bvp47: a top-tier backdoor from the US NSA's Equation Group:
https://mp.weixin.qq.com/s/WTlRPzUv3npV8xd9KRJoQw
・ Bvp47: a top-tier backdoor from the US NSA's Equation Group
– Jett
• samsung-q60t-exploit/slides/presentation.pdf:
https://github.com/synacktiv/samsung-q60t-exploit/blob/main/slides/presentation.pdf
・ Rooting the Samsung Q60T smart TV
– Jett
• Relaying Kerberos over DNS using krbrelayx and mitm6:
https://dirkjanm.io/relaying-kerberos-over-dns-with-krbrelayx-and-mitm6/
・ Relaying Kerberos over DNS using krbrelayx and mitm6
– Jett
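* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: 腾讯玄武实验室 (Tencent Security Xuanwu Lab)
https://weibo.com/xuanwulab
Originally published on the WeChat official account 腾讯玄武实验室 (Tencent Security Xuanwu Lab): Daily Security News Push (02-23)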