每日安全动态推送(4-6)

Tencent Security Xuanwu Lab Daily News

• [Vulnerability] SSD Advisory – SonicWall SSL-VPN Out Of Bounds Write DoS – SSD Secure Disclosure:
https://ssd-disclosure.com/ssd-advisory-sonicwall-ssl-vpn-out-of-bounds-write-dos/

   ・ SonicWall SSL-VPN 越界写入 DoS 漏洞，漏洞的根本原因可能在 httpServer 函数中找到。 – SecTodayBot

• Vulnerability Spotlight: Buffer overflow vulnerability in ADMesh library:
https://blog.talosintelligence.com/vulnerability-spotlight-buffer-overflow-vulnerability-in-admesh-library/

   ・ ADMesh 库中的堆缓冲区溢出漏洞 – SecTodayBot

• [Tools] How often should security audits be?:
http://go.att.com/c77f3a92

   ・ 网络安全审计建立了一套标准，组织可以使用这些标准来检查他们已采取的预防性网络安全措施，以确保他们保护自己免受外部和内部威胁。 – SecTodayBot

• Grand Theft Auto III/Vice City Skin File v1.1 – Buffer Overflow:
http://dlvr.it/SlwgHv

   ・ GTA 3/罪恶都市皮肤文件溢出 PoC – WireFish

• Using Live Trace to Record Linux Kernel Debugging Sessions:
https://sysprogs.com/VisualKernel/tutorials/tracing/

   ・ 使用 VisualKernel 4.0 的实时跟踪记录 Linux 内核调试会话教程 – lanying37

• [macOS] A Tour of Mac OS X Shellcode Injection:
https://saulpanders.github.io/2022/02/28/OSX-Shellcode-Injection-Tour.html

   ・ 如何使用 root 权限对 macos 进程做 shellcode 注入 – WireFish

• [Android] Mobile Pentesting 101 – How to set up your Android Environment:
https://securitycafe.ro/2023/04/03/mobile-pentesting-101-how-to-set-up-your-android-environment/

   ・ 移动安全101，如何设置您的 Android 环境 – SecTodayBot

• Objective-See’s Blog:
https://objective-see.org/blog/blog_0x74.html

   ・ 分析 3CX 供应链攻击中的二阶段 macos Payload – UpdateAgent – WireFish

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(4-6)