每日安全动态推送(04-26)

渗透技巧 2年前 (2022) admin
701 0 0
Tencent Security Xuanwu Lab Daily News


• Check Point Research detects vulnerability in the Everscale blockchain wallet, preventing cryptocurrency theft:
https://research.checkpoint.com/2022/check-point-research-detects-vulnerability-in-the-everscale-blockchain-wallet-preventing-cryptocurrency-theft/

   ・ Everscale 区块链的 Web 版本钱包 Ever Surf 被发现可以通过 XSS 漏洞窃取密钥 – Jett


• KrbRelayUp:
https://github.com/Dec0ne/KrbRelayUp

   ・ KrbRelayUp – 不开启 LDAP signing 的条件下实现域环境提权 – Jett


• ZoneAlarmLPE:
https://github.com/Wh04m1001/ZoneAlarmLPE

   ・ ZoneAlarm 反病毒软件目录权限设置不当,可以被用于 SYSTEM 提权 – Jett


• Awesome Cloud Security 云安全资源汇总:
https://github.com/teamssix/awesome-cloud-security

   ・ 国内云安全资源汇总. – lanying37


• GitHub – xiaoy-sec/Pentest_Note: 渗透测试常规操作记录:
https://github.com/xiaoy-sec/Pentest_Note

   ・ 一份非常详细的渗透测试资料 – Jett


• CVE-2022-24521: Analysing and Exploiting the Windows Common Log File System (CLFS) Logical-Error Vulnerability:
https://www.pixiepointsecurity.com/blog/nday-cve-2022-24521.html

   ・ Windows CLFS 驱动 CVE-2022-24521 漏洞的分析和利用 – Jett


• CodeQL能找到log4shell(CVE-2021-44228)漏洞吗?:
https://tttang.com/archive/1570/

   ・ CodeQL能找到log4shell(CVE-2021-44228)漏洞吗? – lanying37


• x64dbg System Breakpoint Explained:
https://youtu.be/vdyyg72tc2w

   ・ x64dbg 调试系统断点教程视频. – lanying37


• slides/Old School, New Story–Escape from Hyper-V by Path Traversal.pdf:
https://github.com/474172261/slides/blob/main/Old%20School%2C%20New%20Story–Escape%20from%20Hyper-V%20by%20Path%20Traversal.pdf

   ・ Old School, New Story–Escape from Hyper-V by Path Traversal,来自 VictorV 在 ZeroCon 2022 会议的演讲 – Jett


• Expanding Apple Ecosystem Access with Open Source, Multi Platform Code Signing:
https://gregoryszorc.com/blog/2022/04/25/expanding-apple-ecosystem-access-with-open-source,-multi-platform-code-signing/

   ・ apple-codesign – 有研究员实现了一套在非 Apple 系统上运行的 Apple 代码签名工具 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-26)

版权声明:admin 发表于 2022年4月26日 下午12:32。
转载请注明:每日安全动态推送(04-26) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...