CTF导航 CTF导航

每日安全动态推送(01-13)

渗透技巧 2年前 (2022) admin
753 0 0
Tencent Security Xuanwu Lab Daily News


• Vulnerabilities and Threats in Local Authorization on iOS Devices:
https://www.securing.pl/en/vulnerabilities-and-threats-in-local-authorization-on-ios-devices/

   ・ iOS App 依赖本地认证的威胁攻击面 – Jett


• windows内核之Null指针解引用(四):
https://tttang.com/archive/1400/

   ・ windows内核之Null指针解引用(四). – lanying37


• CVE-2020-9715: Exploiting the Adobe ESObject Use-After-Free Vulnerability:
https://www.pixiepointsecurity.com/blog/nday-cve-2020-9715.html

   ・ Adobe Acrobat Reader ESObject UAF 漏洞的分析和利用(CVE-2020-9715) – Jett


• Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest:
https://www.zerodayinitiative.com/blog/2022/1/12/pwn2own-vancouver-2022-luanch#auto

   ・ 即将举办的 2022 Pwn2Own Vancouver 比赛的项目及规则公布了 – Jett


• Project Torogoz Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware:
https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/

   ・ 来自 CitizenLab 对 Pegasus 的研究报告 – “Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware” – Jett


• [PDF] https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf:
https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf

   ・ FIRMWIRE – 基带处理器固件的模拟执行平台,用于固件的动态分析(Paper) – Jett


• IOCTL 0xCF532013:
https://github.com/kasif-dekel/OSR_DeviceTree_Vuln/blob/main/README.md

   ・ 有研究员向 OSR DeviceTree 提交了一个本地提权漏洞,OSR 直接从网站上移除了该工具 – Jett


• [Malware, macOS] SysJoker, the first (macOS) malware of 2022!:
https://objective-see.com/blog/blog_0x6C.html

   ・ 安全研究人员发表2022年 (macOS)平台第一个新的“SysJoker ”恶意软件安全报告.  – lanying37


• [Windows] Signed kernel drivers – Unguarded gateway to Windows’ core:
https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/

   ・ ESET 对恶意软件开发者滥用有效签名驱动的漏洞加载恶意驱动的案例研究报告 – Jett


• Handling Malicious Microsoft Office Files During Incident Response:
https://www.intezer.com/blog/malware-analysis/analyze-malicious-microsoft-office-files/

   ・ 恶意 Office 文件的分析 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(01-13)

版权声明:admin 发表于 2022年1月13日 上午4:19。
转载请注明:每日安全动态推送(01-13) | CTF导航

相关文章

CVE-2023-25365 / Bypass通过文件上传XSS
admin
55
像fofa一样解析RDP信息,RDP提取操作系统,RDP登录截屏 (Golang实现)
admin
572
利用NPM仓库充当文件托管服务
admin
705
代码审计-CVE-2023-6654-PHPEMS-加密-解密分析
admin
51
红队开发 – 事件追踪ETW (1/5) – 基础知识
admin
272
反序列化POP链技术详解
admin
562

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

EvilGophish’s Approach to Advanced Bot Detection with Cloudflare Turnstile
0
CreateRCE — Yet Another Vulnerability in CreateUri
0
BGPWatch — BGP路由分析和诊断平台
0
进程命令行参数欺骗
0
内容劫持 | Electron 安全
0
凭据获取之浏览器
0
实战环境中的Redis 延时注入
0
每日安全动态推送(4-18)
0
漏洞挖掘 | DreamerCMS RCE (CVE-2024-3311)
0
Weblogic RCE(CVE-2024-21006)
0