每日安全动态推送(2-20)

渗透技巧 1年前 (2023) admin
442 0 0
Tencent Security Xuanwu Lab Daily News

• I’m Building a Self-Destructing USB Drive:
https://interruptlabs.ca/2022/07/29/I-m-Building-a-Self-Destructing-USB-Drive/

   ・ 制作可自毁的U盘 – WireFish


• [BugTales] REUnziP: Re-Exploiting Huawei Recovery With FaultyUSB:
https://labs.taszk.io/articles/post/reunzip/

   ・ 利用华为SD-Update模式的检测和使用时间不一致,替换更新数据包,绕过签名验证,获取root权限。 – P4nda


• Spam and phishing in 2022:
https://kas.pr/9ir7

   ・ 卡巴斯基 2022 年的垃圾邮件和钓鱼监测报告。包含2022年钓鱼邮件相关数据,图表,钓鱼手段,邮件样例等。 – ThomasonZhao


• [Browser] The new Bing & Edge – Learning from our first week:
https://blogs.bing.com/search/february-2023/The-new-Bing-Edge-–-Learning-from-our-first-week/

   ・ 微软关于new bing的一周总结。 – Atum


• Dissecting the Vulnerabilities – A Comprehensive Teardown of acmailer’s N-Days:
https://starlabs.sg/blog/2023/02-dissecting-the-vulnerabilities-a-comprehensive-teardown-of-acmailer/

   ・ 深入剖析acmailer的两个nday漏洞-CVE-2021-20617 & CVE-2021-20618 – crazyman


• Citrix CVE-2022-27518 漏洞分析:
https://paper.seebug.org/2049/

   ・ Citrix CVE-2022-27518 漏洞分析 – lanying37


• [Tools] Blue Hat 2023 and UEFI Secure Boot:
http://vzimmer.blogspot.com/2023/02/blue-hat-2023-and-uefi-secure-boot.html

   ・ Blue Hat 2023,作者介绍了由其中一个 UEFI Secure Boot 演讲所引发出的思考和回顾。 – WireFish


• [Windows] EoP via Arbitrary File Write/Overwite in Group Policy Client “gpsvc” – CVE-2022-37955:
http://decoder.cloud/2023/02/16/eop-via-arbitrary-file-write-overwite-in-group-policy-client-gpsvc-cve-2022-37955/

   ・ Windows本地提权漏洞(CVE-2022-37955)细节,配置了文件首选项域组策略的用户可以通过符号链接以system权限造成任意文件覆盖,从而导致提权。 – P4nda


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(2-20)

版权声明:admin 发表于 2023年2月20日 上午10:23。
转载请注明:每日安全动态推送(2-20) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...