Tencent Security Xuanwu Lab Daily News
• Non-administrative DCOM Execution: Exploring BloodHound’s ExecuteDCOM:
https://simondotsh.com/infosec/2021/12/29/dcom-without-admin.html
・ Non-administrative DCOM Execution: Exploring BloodHound’s ExecuteDCOM
– Jett
• Cisco StarOS Flaw Let Attackers Gain Remote Code Execution on Vulnerable Device:
https://gbhackers.com/cisco-staros-flaw/
・ Cisco StarOS 被发现 RCE 漏洞
– Jett
• README.md:
https://github.com/RangerNJU/Static-Program-Analysis-Book
・ 静态程序分析入门教程
– Jett
• [Android] Snooping on Android 12’s Privacy Dashboard:
http://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/
・ Snooping on Android 12’s Privacy Dashboard.
– lanying37
• Azure Active Directory:
https://github.com/rootsecdev/Azure-Red-Team
・ Azure 云环境安全测试相关的资料
– Jett
• Table Of Contents:
https://github.com/ly4k/Certipy
・ Certipy – Python implementation for Active Directory certificate abuse
– Jett
• Fuzzercorn:
https://github.com/wtdcode/fuzzercorn
・ 为 Unicorn 模拟器引擎提供 libfuzzer 的支持
– Jett
• GitHub – rui314/mold: mold: A Modern Linker:
https://github.com/rui314/mold
・ mold – 一款主打性能的链接器,比 LLVM lld 快
– Jett
• Path Traversal Paradise:
https://kuldeep.io/posts/path-traversal-paradise/
・ VMWare VCenter、Spring Boot 等多个产品的路径穿越漏洞案例
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(01-24)
