CTF导航 CTF导航

每日安全动态推送(04-06)

渗透技巧 2年前 (2022) admin
958 0 0
Tencent Security Xuanwu Lab Daily News


• MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639:
https://www.trendmicro.com/en_us/research/22/d/macos-suhelper-root-privilege-escalation-vulnerability-a-deep-di.html

   ・ macOS SUHelper root 本地提权漏洞分析(CVE-2022-22639) – Jett


• [Programming] 潜藏在风平浪静中的波澜——APT-C-00海莲花组织攻击活动动态浅析:
https://mp.weixin.qq.com/s/tBQSbv55lJUipaPWFr1fKw

   ・ 潜藏在风平浪静中的波澜——APT-C-00海莲花组织攻击活动动态浅析  – lanying37


• [PDF] https://tuprints.ulb.tu-darmstadt.de/20660/1/myo_paper.pdf:
https://tuprints.ulb.tu-darmstadt.de/20660/1/myo_paper.pdf

   ・ 基于 AR 设备中肌电图传感器数据(EMG)的 Keylogging 侧信道攻击 – Jett


• Sharing is Caring: Abusing Shared Sections for Code Injection:
https://billdemirkapi.me/sharing-is-caring-abusing-shared-sections-for-code-injection

   ・ 利用 PE 文件中的特殊 Sections 向目标进程注入任意 shellcode  – Jett


• Frida Internal – Part 1: 架构、Gum 与 V8:
https://evilpan.com/2022/04/05/frida-internal/

   ・ Frida Internal – Part 1: 架构、Gum 与 V8 – Jett


• Breaking SecureBoot With SMM by Itai Liba & Assaf Carlsbad – YouTube:
https://www.youtube.com/watch?v=ge_TnLfTv8I

   ・ Breaking SecureBoot With SMM – Jett


• Performing and Preventing Attacks on Azure Cloud Environments through Azure DevOps:
https://labs.f-secure.com/blog/performing-and-preventing-attacks-on-azure-cloud-environments-through-azure-devops/

   ・ Performing and Preventing Attacks on Azure Cloud Environments through Azure DevOps – Jett


• CVE-2022-25372: Local Privilege Escalation in Pritunl VPN Client:
https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/

   ・ 开源企业级 VPN – Pritunl 的 Client 被发现本地提权漏洞 – Jett


• IETF 113:
https://theinternetprotocolblog.wordpress.com/2022/03/30/ietf-113/

   ・ IETF 113线上会议资料。 – lanying37


• [Fuzzing] Fuzzing Like A Caveman 6: Binary Only Snapshot Fuzzing Harness:
https://h0mbre.github.io/Fuzzing-Like-A-Caveman-6/

   ・ Fuzzing Like A Caveman 6: Binary Only Snapshot Fuzzing Harness – Jett


• Randomizing the KUSER_SHARED_DATA Structure on Windows:
https://msrc-blog.microsoft.com/2022/04/05/randomizing-the-kuser_shared_data-structure-on-windows/

   ・ Windows 的 KUSER_SHARED_DATA 结构体要支持 ASLR 了 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-06)

版权声明:admin 发表于 2022年4月6日 下午12:12。
转载请注明:每日安全动态推送(04-06) | CTF导航

相关文章

A Magic Way of XSS in HTTP/2
admin
593
WAF攻防实践
admin
919
反向兼容的RISCV TEE(DAC’22)
admin
472
API NEWS | ​深入了解 Tinder API 网关
admin
301
KubeOperator kubeconfig 未授权访问漏洞 CVE-2023-22480漏洞复现
admin
517
狼又来啦!快使用LATCH来阻止npm生态的安装时攻击
admin
503

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

shell.openExternal | Electron 安全
0
每日安全动态推送(5-8)
0
Lethal Injection: How We Hacked Microsoft’s Healthcare Chat Bot
0
使用 Microsoft Entra 临时访问通行证进行横向移动和本地 NT 哈希转储
0
漏洞挖掘 | 使用HaE与CaA组合挖掘高危漏洞
0
每日安全动态推送(5-7)
0
Java 应用安全之 JEB Floating License 绕过
0
代码审计之某高校通用系统getRequsetURI函数的三次鉴权绕过
0
C2 Cloud
0
Send()-ing Myself Belated Christmas Gifts – GitHub.com’s Environment Variables & GHES Shell
0