每日安全动态推送(06-15)

渗透技巧 2年前 (2022) admin
615 0 0
Tencent Security Xuanwu Lab Daily News


• [Fuzzing] [PDF] https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-de-ruiter.pdf:
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-de-ruiter.pdf

   ・ Protocol State Fuzzing of TLS Implementations – Jett


• Router security report 2021:
https://securelist.com/router-security-2021/106711/?reseller=usa_regular-sm_acq_ona_smm__onl_b2c_twi_post_sm-team______&utm_source=twitter&utm_medium=social&utm_campaign=us_regular-sm_en0177&utm_content=sm-post&utm_term=us_twitter_organic_177bnl1zdlynfec

   ・ 2021 年的路由器安全报告总结 – lanying37


• CVE-2022-25845 – Fastjson RCE vulnerability analysis:
https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/

   ・ Fastjson “Auto Type Bypass” RCE 漏洞分析(CVE-2022-25845) – Jett


• [Browser] Bypassing CSP with dangling iframes:
https://portswigger.net/research/bypassing-csp-with-dangling-iframes

   ・ Bypassing CSP with dangling iframes – Jett


• SBOM in Action: finding vulnerabilities with a Software Bill of Materials:
http://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html

   ・ 基于软件资产清单(SBOM)在 Kubernetes 项目中检测漏洞 – Jett


• An Autopsy on a Zombie In-the-Wild 0-day:
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html

   ・ Safari 2013 年漏洞修复后由于项目代码重构 2016 年出现变种,该漏洞变种(CVE-2022-22620)今年被发现野外利用 – Jett


• Hertzbleed Attack:
https://www.hertzbleed.com/

   ・ Hertzbleed – x86 处理器动态主频的侧信道攻击,攻击成功甚至可以远程泄露加密密钥 – Jett


• HyperDbg’s One Thousand and One Nights | Rayanfam Blog:
https://rayanfam.com/topics/hyperdbg-one-thousand-and-one-nights/

   ・ HyperDbg 调试器背后的一些设计理念 – Jett


• A Survey of Windows RPC Discovery Tools | clearbluejar:
https://clearbluejar.github.io/posts/surveying-windows-rpc-discovery-tools/

   ・ Windows RPC 研究工具调研 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(06-15)

版权声明:admin 发表于 2022年6月15日 下午12:26。
转载请注明:每日安全动态推送(06-15) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...