Tencent Security Xuanwu Lab Daily News
• [Vulnerability] SSD Advisory – SonicWall SSL-VPN Out Of Bounds Write DoS – SSD Secure Disclosure:
https://ssd-disclosure.com/ssd-advisory-sonicwall-ssl-vpn-out-of-bounds-write-dos/
・ SonicWall SSL-VPN 越界写入 DoS 漏洞,漏洞的根本原因可能在 httpServer 函数中找到。
– SecTodayBot
• Vulnerability Spotlight: Buffer overflow vulnerability in ADMesh library:
https://blog.talosintelligence.com/vulnerability-spotlight-buffer-overflow-vulnerability-in-admesh-library/
・ ADMesh 库中的堆缓冲区溢出漏洞
– SecTodayBot
• [Tools] How often should security audits be?:
http://go.att.com/c77f3a92
・ 网络安全审计建立了一套标准,组织可以使用这些标准来检查他们已采取的预防性网络安全措施,以确保他们保护自己免受外部和内部威胁。
– SecTodayBot
• Grand Theft Auto III/Vice City Skin File v1.1 – Buffer Overflow:
http://dlvr.it/SlwgHv
・ GTA 3/罪恶都市皮肤文件溢出 PoC
– WireFish
• Using Live Trace to Record Linux Kernel Debugging Sessions:
https://sysprogs.com/VisualKernel/tutorials/tracing/
・ 使用 VisualKernel 4.0 的实时跟踪记录 Linux 内核调试会话教程
– lanying37
• [macOS] A Tour of Mac OS X Shellcode Injection:
https://saulpanders.github.io/2022/02/28/OSX-Shellcode-Injection-Tour.html
・ 如何使用 root 权限对 macos 进程做 shellcode 注入
– WireFish
• [Android] Mobile Pentesting 101 – How to set up your Android Environment:
https://securitycafe.ro/2023/04/03/mobile-pentesting-101-how-to-set-up-your-android-environment/
・ 移动安全101,如何设置您的 Android 环境
– SecTodayBot
• Objective-See’s Blog:
https://objective-see.org/blog/blog_0x74.html
・ 分析 3CX 供应链攻击中的二阶段 macos Payload – UpdateAgent
– WireFish
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(4-6)