每日安全动态推送(05-18)

渗透技巧 2年前 (2022) admin
607 0 0
Tencent Security Xuanwu Lab Daily News


• Rari Capital 攻击事件的分析和复现:
https://paper.seebug.org/1903/

   ・ Rari Capital 攻击事件的分析和复现 – lanying37


• Description:
https://github.com/Bareflank/hypervisor

   ・ Bareflank Hypervisor – 一款轻量级的 Hypervisor SDK,用于快速在 64 位机器上快速构建 hypervisor – Jett


• [Web] Hacking Swagger-UI – from XSS to account takeovers:
https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/

   ・ Hacking Swagger-UI – from XSS to account takeovers – Jett


• Stealing Google Drive OAuth tokens from Dropbox:
https://blog.stazot.com/stealing-google-drive-oauth-tokens-from-dropbox/

   ・ Stealing Google Drive OAuth tokens from Dropbox – Jett


• GitHub – lindsey98/Phishpedia: Official Implementation of “Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages” USENIX’21:
https://github.com/lindsey98/Phishpedia

   ・ Phishpedia – 利用深度学习的方案识别钓鱼 Web 页面 – Jett


• [Tools] emba, an analyzer for Linux-based firmware of embedded devices:
https://github.com/e-m-b-a/emba

   ・ emba – 嵌入式设备固件分析工具 EMBA 更新 v1.0 版本 – Jett


• HOW DO YOU ACTUALLY FIND BUGS?(译文):
https://tttang.com/archive/1597/

   ・ HOW DO YOU ACTUALLY FIND BUGS?(译文) – lanying37


• [PDF] https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-Qiuhao-Recursive-MMIO-final.pdf:
https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-Qiuhao-Recursive-MMIO-final.pdf

   ・ Hunting and Exploiting Recursive MMIO Flaws in QEMU/KVM,来自 BlackHat Asia 会议 – Jett


• Interactive decompilation with rellic-xref:
https://blog.trailofbits.com/2022/05/17/interactive-decompilation-with-rellic-xref/

   ・ rellic-xref – Rellic 是个将 LLVM Module 反编译为 C 代码的工具,rellic-xref 为 Rellic 提供了交互式使用的能力  – Jett


• Writing a simple rootkit for linux:
https://0x00sec.org/t/writing-a-simple-rootkit-for-linux/29034

   ・ 如何写一个简单的 Linux Rootkit – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(05-18)

版权声明:admin 发表于 2022年5月18日 上午11:32。
转载请注明:每日安全动态推送(05-18) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...