CTF导航 CTF导航

每日安全动态推送(04-12)

渗透技巧 2年前 (2022) admin
635 0 0
Tencent Security Xuanwu Lab Daily News


• Tech Community Live: Windows security:
https://youtu.be/xvzM1xRFfmY

   ・ 技术社区在线会议视频:探讨Windows11的安全问题 – lanying37


• Automatically extracting static antivirus signatures:
https://blog.scrt.ch/2022/04/05/automatically-extracting-static-antivirus-signatures/

   ・ 自动化提取防病毒软件的静态检测特征以实现检测逃逸 – Jett


• 漂亮侧信道:从timeless attack到pipeline的放大攻击:
https://mp.weixin.qq.com/s/N6CWX9ZVnbyeYBIibwb0SA

   ・ 漂亮侧信道:从timeless attack到pipeline的放大攻击 – Jett


• [Linux] Introduction to Exploit Development:
https://samsclass.info/127/ED_2020.shtml

   ・ Introduction to Exploit Development – lanying37


• CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware:
https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html

   ・ 趋势对 Spring4Shell CVE-2022-22965 漏洞真实攻击样本的分析 – Jett


• AWS RDS Vulnerability Leads to AWS Internal Service Credentials:
https://blog.lightspin.io/aws-rds-critical-security-vulnerability

   ・ 利用 AWS RDS EC2 实例的本地文件读漏洞窃取 AWS 内部服务的密钥 – Jett


• NTLMquic:
https://blog.xpnsec.com/ntlmquic/

   ・ Windows 支持的 SMB over QUIC 在攻击中的使用 – Jett


• Meta’s SparkAR RCE Via ZIP Path Traversal:
https://blog.fadyothman.com/metas-sparkar/

   ・ Meta 的 Spark AR Windows 应用被发现 RCE 漏洞 – Jett


• [PDF] https://shadowmydx.github.io/papers/icse22-main-1314.pdf:
https://shadowmydx.github.io/papers/icse22-main-1314.pdf

   ・ One Fuzzing Strategy to Rule Them All(Paper) – Jett


• [Windows] Chief Information Security Officer (CISO) Workshop – Security documentation:
http://ow.ly/8Dwu30qKq7J

   ・ 微软推出的 CISO Workshop 培训的资料 – Jett


• Pwning the bcm61650 – The Cave:
https://blog.xilokar.info/pwning-the-bcm61650.html

   ・ Pwning the bcm61650 – Jett


• Semgrep ruleset for C/C++ vulnerability research:
https://security.humanativaspa.it/semgrep-ruleset-for-c-c-vulnerability-research/

   ・ Semgrep ruleset for C/C++ vulnerability research – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-12)

版权声明:admin 发表于 2022年4月12日 下午12:28。
转载请注明:每日安全动态推送(04-12) | CTF导航

相关文章

攻击技术研判 | 基于VMware组件的新“白加黑”利用技术
admin
450
另类的免杀绕过-远程工具
admin
329
初识Java内存马检测
admin
1,079
Malware AV/VM evasion – part 15: WinAPI GetModuleHandle implementation. Simple C++ example.
admin
390
基于任务编排的漏扫实现(asm项目)
admin
424
CS:GO: From Zero to 0-day
admin
408

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

EvilGophish’s Approach to Advanced Bot Detection with Cloudflare Turnstile
0
CreateRCE — Yet Another Vulnerability in CreateUri
0
BGPWatch — BGP路由分析和诊断平台
0
进程命令行参数欺骗
0
内容劫持 | Electron 安全
0
凭据获取之浏览器
0
实战环境中的Redis 延时注入
0
每日安全动态推送(4-18)
0
漏洞挖掘 | DreamerCMS RCE (CVE-2024-3311)
0
Weblogic RCE(CVE-2024-21006)
0