每日安全动态推送(12-08)

渗透技巧 2年前 (2021) admin
937 0 0
Tencent Security Xuanwu Lab Daily News


• [Virtualization] USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services:
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/

   ・ USB Over Ethernet – 有研究团队在 Eltima SDK 中发现严重漏洞,影响多款云厂商产品 – Jett


• Kamala Harris is Bluetooth-phobic – POLITICO:
https://www.politico.com/newsletters/west-wing-playbook/2021/12/06/kamala-harris-is-bluetooth-phobic-495343

   ・ 因担心安全问题,美国副总统贺锦丽不使用蓝牙耳机 – Jett


• [Browser] Two Birds with One Stone: An Introduction to V8 and JIT Exploitation:
https://www.zerodayinitiative.com/blog/2021/12/6/two-birds-with-one-stone-an-introduction-to-v8-and-jit-exploitation

   ・ Pwn2Own Vancouver 2021 比赛中 V8 漏洞的分析和利用 – Jett


• [iOS] Hack Different: Pwning iOS 14 with Generation Z Bug:
https://youtu.be/fLXc5PJdtp0

   ・ Hack Different: Pwning iOS 14 with Generation Z Bug. – lanying37


• [Crypto] Status of post-quantum cryptography implementation:
http://blog.quarkslab.com/status-of-post-quantum-cryptography-implementation.html

   ・ 后量子加密实现的现状 – Jett


• Disrupting the Glupteba operation:
https://blog.google/threat-analysis-group/disrupting-glupteba-operation/

   ・ Google 对 Glupteba 攻击行动的分析 – Jett


• [Windows] Windows 10 RCE: The exploit is in the link:
https://positive.security/blog/ms-officecmd-rce

   ・ Windows 10 RCE: The exploit is in the link – Jett


• [Windows] GitHub – wavestone-cdt/EDRSandblast:
https://github.com/wavestone-cdt/EdrSandblast

   ・ EDRSandBlast – EDR bypass through Kernel callbacks removal – Jett


• GitHub – xforcered/xPipe: Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions:
https://github.com/xforcered/xPipe

   ・ 用于枚举 Windows 系统 Pipe 的工具 – Jett


• [Tools] VXUG-Papers/Stealthily Creating Processes at main · vxunderground/VXUG-Papers:
https://github.com/vxunderground/VXUG-Papers/tree/main/Stealthily%20Creating%20Processes

   ・ Stealthily Creating Processes via Abusing Undocumented COM Helppane Libraries – Jett


• 加密后门的木马分析:
https://tttang.com/archive/1342/

   ・ 加密后门的木马分析. – lanying37


• [Reverse Engineering] Reverse Engineering the M1:
https://youtu.be/espRmO41Bg4

   ・ 对M1逆向工程会议演讲视频. – lanying37


• GitHub – rnd-ash/ecu_diagnostics: A Rust crate for ECU diagnostic protocols (UDS / KWP):
https://github.com/rnd-ash/ecu_diagnostics

   ・ 用于实现汽车 ECU 诊断功能的工具 – Jett


• What can I do to prevent this in the future?:
https://www.mandiant.com/resources/fin13-cybercriminal-mexico

   ・ Mandiant 对 FIN13 APT 组织的分析报告 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(12-08)

版权声明:admin 发表于 2021年12月8日 上午4:11。
转载请注明:每日安全动态推送(12-08) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...