每日安全动态推送(04-13)

渗透技巧 2年前 (2022) admin
540 0 0
Tencent Security Xuanwu Lab Daily News


• CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client:
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client

   ・ Windows 版本 AWS VPN Client 被发现 SYSTEM 本地提权漏洞 – Jett


• [Windows] A Syscall Journey in the Windows Kernel:
https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel/

   ・ 探索Windows 内核中的系统调用之旅. – lanying37


• README.md:
https://github.com/trailofbits/maat

   ・ Maat – 一款开源符号执行和二进制分析框架 – Jett


• Understanding and Defending Against Reflective Code Loading on macOS:
https://slyd0g.medium.com/understanding-and-defending-against-reflective-code-loading-on-macos-e2e83211e48f

   ・ Understanding and Defending Against Reflective Code Loading on macOS – Jett


• ByteCodeDL原理篇之手把手教你实现污点分析:
https://tttang.com/archive/1541/

   ・ ByteCodeDL原理篇之手把手教你实现污点分析 – lanying37


• README.md:
https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook

   ・ 区块链黑暗森林自救手册 – Jett


• Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x:
https://devcraft.io/2022/04/04/universal-deserialisation-gadget-for-ruby-2-x-3-x.html

   ・ Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x  – Jett


• A Detailed Guide on AMSI Bypass:
https://www.hackingarticles.in/a-detailed-guide-on-amsi-bypass/

   ・ AMSI Bypass 的多种方法整理 – Jett


• Microsoft Zero-Days, Wormable Bugs Spark Concern:
https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/

   ・ 微软发布 Windows 4 月份漏洞补丁,修复 128 个漏洞,其中 10 个高危 – Jett


• The State of Stalkerware in 2021:
https://securelist.com/the-state-of-stalkerware-in-2021/106193/

   ・ 卡巴斯基对 2021 年间谍监控软件现状的分析报告 – Jett


• [Web] Exploiting XSS with Javascript/JPEG Polyglot:
https://medium.com/@Medusa0xf/exploiting-xss-with-javascript-jpeg-polyglot-4cff06f8201a

   ・ Exploiting XSS with Javascript/JPEG Polyglot  – Jett


• New npm Flaws Let Attackers Better Target Packages for Account Takeover:
https://blog.aquasec.com/npm-supply-chain-attack

   ・ 由于 2FA 认证相关漏洞,NPM 软件包开发者存在 Account Takeover 威胁 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-13)

版权声明:admin 发表于 2022年4月13日 下午12:26。
转载请注明:每日安全动态推送(04-13) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...