每日安全动态推送(03-28)

渗透技巧 2年前 (2022) admin
858 0 0
Tencent Security Xuanwu Lab Daily News


• LINE CTF 2022 – mail (pwn):
https://blog.idiot.sg/2022-03-27/line-ctf-2022-mail/

   ・ LINE CTF 2022 – mail (pwn) writeup – Jett


• [Tools] Mining data from Cobalt Strike beacons:
https://research.nccgroup.com/2022/03/25/mining-data-from-cobalt-strike-beacons/

   ・ Mining data from Cobalt Strike beacons – Jett


• Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch:
https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

   ・ Chrome 浏览器紧急发布更新,修复被朝鲜 APT 组织使用的 0Day – Jett


• Towards Practical Security Optimizations for Binaries:
https://blog.trailofbits.com/2022/03/25/towards-practical-security-optimizations-for-binaries/

   ・ 编译器优化可能会引入安全问题,来自 Trail of Bits 的研究 – Jett


• [Tools] CoolerVoid/codecat:
https://github.com/CoolerVoid/codecat

   ・ CodeCat – 支持对用户输入 SINK 分析的静态代码分析工具 – Jett


• [PDF] https://www2.cs.arizona.edu/~debray/Publications/vee21.pdf:
https://www2.cs.arizona.edu/~debray/Publications/vee21.pdf

   ・ Automated Bug Localization in JIT Compilers(Paper) – Jett


• Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044):
https://flattsecurity.medium.com/finding-bugs-to-trigger-unauthenticated-command-injection-in-a-netgear-router-psv-2022-0044-2b394fb9edc

   ・ NETGEAR 路由器命令注入漏洞(PSV-2022–0044)的发现过程 – Jett


• CVE-2022-0995:
https://github.com/Bonfee/CVE-2022-0995

   ・ 有研究员公开了 Linux 内核 watch_queue 越界写漏洞(CVE-2022-0995)Exploit – Jett


• watchguard_cve-2022-26318:
https://github.com/Throns1956/watchguard_cve-2022-26318

   ・ Watchguard RCE CVE-2022-26318 PoC  – Jett


• PHP filter_var shenanigans:
https://pwning.systems/posts/php_filter_var_shenanigans/

   ・ 利用 filter 自身的 Bug 绕过 PHP filter_var 的检查 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-28)

版权声明:admin 发表于 2022年3月28日 上午11:59。
转载请注明:每日安全动态推送(03-28) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...