CTF导航 CTF导航

每日安全动态推送(2-28)

渗透技巧 2个月前 admin
35 0 0
Tencent Security Xuanwu Lab Daily News

• Nullcon Goa 2023 | Self-Signed, Why Not! Exploiting Insecure Certificate Validation In iOS And macOS:
https://www.youtube.com/watch?feature=shared&v=bWidokJKuUc

   ・ 如何利用iOS和macOS中的不安全证书验证漏洞。此次演讲发生在Nullcon Goa 2023,是一个知名的网络安全会议。 – SecTodayBot


• QR Code Phishing with EvilGophish:
https://fin3ss3g0d.net/index.php/2024/02/24/qr-code-phishing-with-evilgophish/

   ・ 讨论了QR码作为一种新的网络威胁手段,并介绍了使用EvilGophish这一安全工具来武器化QR码的新方法。 – SecTodayBot


• Windows RDP Event Logs: Part-2:
https://systemweakness.com/windows-rdp-event-logs-part-2-bbbc35898455

   ・ 重点介绍了对远程桌面协议(RDP)事件日志的调查,特别是与安全调查相关的事件ID的详细分析。 – SecTodayBot


• Advanced CyberChef Techniques for Configuration Extraction – Detailed Walkthrough and Examples:
https://embee-research.ghost.io/advanced-cyberchef-operations-netsupport/

   ・ 介绍了使用CyberChef进行配置提取的高级技术,涵盖了注册,正则表达式和流程控制等多个复杂操作。通过示例演示了这些技术如何应用于开发多阶段恶意软件加载器的配置提取器。 – SecTodayBot


• Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities:
https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/

   ・ Joomla的漏洞CVE-2024-21726可以通过PHP mbstring函数的不一致性被利用,攻击者可以绕过Joomla的输入净化,导致多个XSS漏洞。 – SecTodayBot


• Defeating debug protections with Corellium:
https://www.corellium.com/blog/defeating-debug-protections-with-corellium

   ・ 介绍了针对移动应用程序的动态分析技术,并讨论了如何加速分析过程以及化解对分析过程的阻碍。同时还介绍了OWASP移动应用程序安全验证标准(MASVS)以及反调试技术。 – SecTodayBot


• Exploiting fine-grained AWS IAM permissions for total cloud compromise: a real world example (part…:
https://infosecwriteups.com/exploiting-fine-grained-aws-iam-permissions-for-total-cloud-compromise-a-real-world-example-part-5a2f3de4be08

   ・ 讨论了如何枚举和利用AWS IAM权限 – SecTodayBot


• PyRIT : Automated AI Toolkit For Security Professionals:
https://cybersecuritynews.com/pyrit-ai-security-toolkit/

   ・ PyRIT可以帮助安全专业人员和机器学习工程师发现生成式人工智能系统中的风险。 – SecTodayBot


• A StrongREJECT for Empty Jailbreaks:
https://arxiv.org/abs/2402.10260

   ・ 介绍了大型语言模型的误用问题,以及提出了一个新的评估标准StrongREJECT,以更准确地区分有效和无效的破解技术。 – SecTodayBot


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(2-28)

版权声明:admin 发表于 2024年2月28日 下午4:26。
转载请注明:每日安全动态推送(2-28) | CTF导航

相关文章

每日安全动态推送(04-12)
admin
636
CVE-2023-35359 analysis
admin
315
每日安全动态推送(12-10)
admin
475
某站群命令执行之官方审核
admin
399
【高危】CVE-2021-43798 GRAFANA 路径遍历漏洞
admin
1,210
lzCloudSecurity-《云安全攻防入门》教材
admin
55

相关文章

Cookie-Monster – BOF To Steal Browser Cookies & Credentials
0
How Did I Easily Find Stored XSS at Apple And Earn $5000 ?
0
How I Discovered an RCE Vulnerability in Tesla, Securing a $10,000 Bounty
0
pgAdmin 8.3 Remote Code Execution
0
How I Prevented a Mass Data Breach – $15,000 bounty – @bxmbn
0
The Windows Registry Adventure #1: Introduction and research results
0
使用 VIM 进行代码审计
0
Progress Flowmon 任意命令执行漏洞 CVE-2024-2389
0
实践调试Ghidra代码和Ghidra脚本
0
Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers
0