每日安全动态推送(01-18)

渗透技巧 2年前 (2022) admin
649 0 0
Tencent Security Xuanwu Lab Daily News


• [Tools] 0vercl0k/rp:
https://github.com/0vercl0k/rp

   ・ 研究员 Axel Souchet 开源了一个支持多平台的 ROP gadget 搜索工具 – Jett


• [Windows] CVE-2022-21907:
https://github.com/antx-code/CVE-2022-21907

   ・ GitHub 上出现 Windows HTTP 协议栈远程代码执行漏洞(CVE-2022-21907)的 PoC – Jett


• Awesome Executable Packing:
https://github.com/dhondta/awesome-executable-packing

   ・ 可执行文件加壳相关的资料和工具整理 – Jett


• IPv6 Security & Capability Testing, Part 2:
https://theinternetprotocolblog.wordpress.com/2020/05/26/ipv6-security-capability-testing-part-2/

   ・ IPv6 Security & Capability Testing, Part 2 – Jett


• Apache HTTP Server mod_lua模块缓冲区溢出漏洞分析(CVE-2021-44790):
https://mp.weixin.qq.com/s/VjSpJW-1sYM1BwDPQZDqFA

   ・ Apache HTTP Server mod_lua 模块缓冲区溢出漏洞分析(CVE-2021-44790) – Jett


• Security Hardening: Use of eBPF by unprivileged users has been disabled by default | Support | SUSE:
https://www.suse.com/support/kb/doc/?id=000020545

   ・ SUSE 发行版因担心 eBPF 的漏洞决定限制普通用户使用 eBPF – Jett


• [Tools] Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide:
https://www.gosecure.net/blog/2022/01/17/capturing-rdp-netntlmv2-hashes-attack-details-and-a-technical-how-to-guide/

   ・ 基于 PyRDP 工具从 RDP 流量中截获 RDP NetNTLMv2 Hash – Jett


• 不完美的条件竞争JNDI漏洞利用链发现过程:
https://tttang.com/archive/1409/

   ・ 不完美的条件竞争JNDI漏洞利用链发现过程. – lanying37


• Intro to Embedded RE Part 1: Tools and Series Overview:
https://voidstarsec.com/blog//2022/01/17/intro-to-embedded-part-1

   ・ 嵌入式设备逆向所需的工具链 – Jett


• StopDefender:
https://github.com/lab52io/StopDefender

   ・ 从 TrustedInstaller 和 winlogon 窃取 token,禁用 Windows Defender – Jett


• Stealing administrative JWT’s through post auth SSRF (CVE-2021-22056):
https://blog.assetnote.io/2022/01/17/workspace-one-access-ssrf/

   ・ 利用 VMWare Workspace One Access 的 SSRF 漏洞泄露管理员身份 JWT – Jett


• [Reverse Engineering, Tools] README.md:
https://github.com/ptswarm/reFlutter

   ・ reFlutter – Flutter 逆向框架,辅助逆向基于 Flutter 包构建的 App – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(01-18)

版权声明:admin 发表于 2022年1月18日 上午4:02。
转载请注明:每日安全动态推送(01-18) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...