Tencent Security Xuanwu Lab Daily News
• G.O.S.S.I.P 学术论文推荐 2022-03-14 Arbiter:
https://mp.weixin.qq.com/s/DZ2Nd5sIjWOuAGwLzBEQGQ
・ G.O.S.S.I.P 学术论文推荐 – 二进制分析工具 Arbiter
– Jett
• GitHub – antx-code/CVE-2021-35587: Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587:
https://github.com/antx-code/CVE-2021-35587
・ Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587
– Jett
• Shiro后渗透拓展面:
https://tttang.com/archive/1472/
・ Shiro后渗透拓展面
– lanying37
• How a macOS bug could have allowed for a serious phishing attack against users:
https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users
・ macOS CoreFollowUp 机制可用于钓鱼用户 AppleID 用户名密码(CVE-2022-22660)
– Jett
• About the security content of iOS 15.4 and iPadOS 15.4 – Apple 支持 (中国):
https://support.apple.com/zh-cn/HT213182
・ Apple 发布 iOS 15.4 版本,修复多个漏洞,其中包括玄武实验室报告的多个漏洞
– Jett
• The Discovery and Exploitation of CVE-2022-25636 · Nick Gregory:
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
・ Linux kernel netfilter 越界写漏洞(CVE-2022-25636)的分析和利用
– Jett
• Watchers:
https://github.com/tihmstar/desc_race-fun_public
・ iOS 15.1 kernel exploit POC for CVE-2021-30955
– Jett
• GitHub – mborgerson/mdec: Decompilation as a Service. Explore multiple decompilers and compare their output with minimal effort. Upload binary, get decompilation.:
https://github.com/mborgerson/mdec
・ Decompilation as a Service,多款反编译器处理同一个文件,方便对比结果
– Jett
• Root-cause:
https://github.com/0vercl0k/CVE-2022-21971
・ Windows Runtime RCE CVE-2022-21971 PoC
– Jett
• GitHub – commial/ttd-bindings: Bindings for Microsoft WinDBG TTD:
https://github.com/commial/ttd-bindings
・ Bindings for Microsoft WinDBG TTD,支持 diff WinDBG TTD Trace 的结果
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-15)
