每日安全动态推送(10-12)

渗透技巧 9个月前 admin
113 0 0
Tencent Security Xuanwu Lab Daily News

• GitHub – chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802: LPE exploit for CVE-2023-36802:
https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802

   ・ Windows CVE-2023-36802 本地提权 EXP – WireFish


• Relaying NTLM to MSSQL:
https://blog.compass-security.com/2023/10/relaying-ntlm-to-mssql/

   ・ Relaying NTLM to MSSQL – WireFish


• Using the Windows Server Protocols documentation set to better understand the Active Directory Schema:
https://learn.microsoft.com/en-us/archive/blogs/openspecification/using-the-windows-server-protocols-documentation-set-to-better-understand-the-active-directory-schema

   ・ 通过Windows文档来帮助理解Active Directory – WireFish


• GPU.zip attack in simple terms:
https://kas.pr/bc6q

   ・ 攻击GPU的漏洞,可从可视化系统中窃取机密或者窃取压缩数据 – WireFish


• How I made a heap overflow in curl:
https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/

   ・ curl 堆溢出漏洞分析 – WireFish


• PVS-Studio: static code analyzer:
https://link.medium.com/Xd5W2XZrMDb

   ・ PVS-Studio,静态代码分析器 – WireFish


• HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA:
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487

   ・ HTTP/2 Rapid 重置漏洞,可导致拒绝服务 – WireFish


• SOCKS5 heap buffer overflow:
https://curl.se/docs/CVE-2023-38545.html

   ・ curl SOCKS5 heap buffer overflow – WireFish


• D-Link DAP-X1860: Remote Command Injection:
https://www.redteam-pentesting.de/advisories/rt-sa-2023-006

   ・ D-Link DAP-X1860 WiFi6信号扩展器远程命令注入 – WireFish


• Alex Chapman: How to Be a High-Impact Hacker (Ep. 31):
https://buff.ly/3PLiCmd

   ・ 如何成为一个高影响力的黑客 – WireFish


• An Algorithm to Detect Hosting Providers and their IP Ranges:
https://ipapi.is/blog/detecting-hosting-providers.html

   ・ 检测云服务提供商及其IP段的方法 – WireFish


• MacOS “DirtyNIB” Vulnerability: Let Attackers Execute Malicious Code:
https://gbhackers.com/macos-dirtynib-vulnerability/

   ・ MacOS DirtyNIB 漏洞可导致恶意代码执行 – WireFish


• GitHub – clearbluejar/ghidriff: Python Command-Line Ghidra Binary Diffing Engine:
https://github.com/clearbluejar/ghidriff

   ・ Ghidra 二进制 diff 工具 – WireFish


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(10-12)

版权声明:admin 发表于 2023年10月12日 下午3:55。
转载请注明:每日安全动态推送(10-12) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...