Tencent Security Xuanwu Lab Daily News
• CVE-2022-27666: Exploit esp6 modules in Linux kernel:
https://etenal.me/archives/1825
・ CVE-2022-27666: Exploit esp6 modules in Linux kernel
– Jett
• SpringCloudFunction漏洞分析:
https://hosch3n.github.io/2022/03/26/SpringCloudFunction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
・ SpringCloudFunction漏洞分析 .
– lanying37
• Ruby Deserialization – Gadget on Rails:
https://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md
・ 在 Rails 找 Gadget 实现 Ruby Deserialization 漏洞的利用
– Jett
• Attacking Active Directory: 0 to 0.9(译文,上篇):
https://tttang.com/archive/1509/
・ Attacking Active Directory: 0 to 0.9(译文,上篇)
– lanying37
• Whitepaper – Double Fetch Vulnerabilities in C and C++:
https://research.nccgroup.com/2022/03/28/whitepaper-double-fetch-vulnerabilities-in-c-and-c/
・ NCC Group 对 C/C++ Double Fetch 漏洞的研究报告
– Jett
• T1098 – Account Manipulation:
https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098/T1098.md
・ 渗透测试中的 Account 修改方法(Windows/域账户/AWS/Auzre)
– Jett
• Your NAS is not your NAS !:
https://devco.re/blog/2022/03/28/your-NAS-is-not-your-NAS/
・ Your NAS is not your NAS,Synology NAS RCE 漏洞分析
– Jett
• Firewall bypass with CARP in Packet Filter:
https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7
・ Firewall bypass with CARP in Packet Filter
– Jett
• [Tools] README.md:
https://github.com/Wilfred/difftastic
・ Difftastic – 支持语法格式的 Diff 工具
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-29)
