每日安全动态推送(9-4)

Tencent Security Xuanwu Lab Daily News

• CVE-2023-29357 – Microsoft SharePoint ValidateTokenIssuer 身份验证绕过漏洞分析:
https://paper.seebug.org/3021/

   ・ Microsoft SharePoint ValidateTokenIssuer 身份验证绕过漏洞分析 – SecTodayBot


• From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats - Check Point Research:
https://research.checkpoint.com/2023/from-hidden-bee-to-rhadamanthys-the-evolution-of-custom-executable-formats/

   ・ 介绍恶意软件所使用的自制可执行程序的结构 – SecTodayBot


• File Binding Methods(RTC0015):
https://redteamrecipe.com/File-Binding-Methods/

   ・ 创建文件绑定方法总结 – lanying37


• How To Hack WhatsApp & Telegram Using SS7 Flaw:
https://gist.github.com/Esauromano/adbb23118b8fdb2a52cd3d283086e25a

   ・ 利用Signalling System 7漏洞可以以任意手机号发送、接受短信,借此可用来攻击WhatsApp、Telegram等应用 – SecTodayBot


• Zenbleed (CVE-2023-20593):
https://www.youtube.com/watch?v=9EY_9KtxyPg

   ・ 影响 AMD Zen2 全系列 CPU 的漏洞 – SecTodayBot


• Phishing with Visual Studio Code:
https://vimeo.com/853281700?share=copy

   ・ 基于VS Code的钓鱼 – SecTodayBot


• What is a "good" Linux Kernel bug?:
https://blog.isosceles.com/what-is-a-good-linux-kernel-bug/

   ・ 对于 Linux 内核来说,什么样的漏洞是”好“漏洞? – SecTodayBot


• SS7 Attack Simulator based on RestComm's jss7.:
https://github.com/polarking/jss7-attack-simulator

   ・ SS7 攻击模拟器 – SecTodayBot


• Game of Rars--探索 WinRAR 中新的远程代码执行漏洞(CVE-2023-40477):
https://paper.seebug.org/3019/

   ・ 探索 WinRAR 中新的远程代码执行漏洞 – SecTodayBot


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(9-4)

版权声明:admin 发表于 2023年9月4日 上午11:17。
转载请注明:每日安全动态推送(9-4) | CTF导航

相关文章

暂无评论

暂无评论...