每日安全动态推送(02-23)

渗透技巧 2年前 (2022) admin
804 0 0
Tencent Security Xuanwu Lab Daily News


• cargo-libafl:
https://github.com/AFLplusplus/cargo-libafl

   ・ cargo-libafl – Fuzz Rust code with LibAFL  – Jett


• tmp.0ut:
https://tmpout.sh/2/

   ・ tmp.0ut 杂志第 2 期 – Jett


• The AMD Branch (Mis)predictor: Just Set it and Forget it!:
https://grsecurity.net/amd_branch_mispredictor_just_set_it_and_forget_it

   ・ AMD CPU branch predictor 的细节以及相关的安全对抗 – Jett


• [PDF] https://redhuntlabs.com/wp-content/uploads/2022/02/A-Practical-Guide-to-Attacking-JWT-JSON-Web-Tokens.pdf:
https://redhuntlabs.com/wp-content/uploads/2022/02/A-Practical-Guide-to-Attacking-JWT-JSON-Web-Tokens.pdf

   ・ A Practical Guide to Attacking JWT JSON Web Tokens – Jett


• [iOS, Web] 1230444 – Cross-site information leak – Leaking cross-origin redirect destination URI due to CORS (iOS) – chromium:
https://crbug.com/1230444

   ・ Issue 1230444: Cross-site information leak – Leaking cross-origin redirect destination URI due to CORS (iOS) – Jett


• NFT Investors Lose $1.7M in OpenSea Phishing Attack:
https://threatpost.com/nft-investors-lose-1-7m-in-opensea-phishing-attack/178558/

   ・ 攻击者从 OpenSea NFT 市场的 17 位投资者窃取 170 万美金 – Jett


• 影子凭据(译文):
https://tttang.com/archive/1440/

   ・ 影子凭据(译文) – lanying37


• [Linux] [PDF] https://gangw.cs.illinois.edu/ndss22-linux.pdf:
https://gangw.cs.illinois.edu/ndss22-linux.pdf

   ・ An In-depth Analysis of Duplicated Linux Kernel Bug Reports(Paper) – Jett


• Bvp47——来自美国国安局方程式组织的顶级后门:
https://mp.weixin.qq.com/s/WTlRPzUv3npV8xd9KRJoQw

   ・ Bvp47——来自美国国安局方程式组织的顶级后门 – Jett


• samsung-q60t-exploit/slides/presentation.pdf:
https://github.com/synacktiv/samsung-q60t-exploit/blob/main/slides/presentation.pdf

   ・ Rooting 三星 Q60T 智能电视 – Jett


• Relaying Kerberos over DNS using krbrelayx and mitm6:
https://dirkjanm.io/relaying-kerberos-over-dns-with-krbrelayx-and-mitm6/

   ・ Relaying Kerberos over DNS using krbrelayx and mitm6 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(02-23)

版权声明:admin 发表于 2022年2月23日 上午4:21。
转载请注明:每日安全动态推送(02-23) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...