每日安全动态推送(07-08)

渗透技巧 2年前 (2022) admin
784 0 0
Tencent Security Xuanwu Lab Daily News


• 2022虎符_vdq(rust_cve)详解:
https://tttang.com/archive/1585/

   ・ 2022虎符_vdq(rust_cve)详解 – lanying37


• [Tools] Automating binary vulnerability discovery with Ghidra and Semgrep – hn security:
https://security.humanativaspa.it/automating-binary-vulnerability-discovery-with-ghidra-and-semgrep/

   ・ 整合 Ghidra 的反编译功能和 Semgrep 的代码扫描能力,实现二进制漏洞的自动化挖掘 – Jett


• [Machine Learning] Whitepaper – Practical Attacks on Machine Learning Systems:
https://research.nccgroup.com/2022/07/06/whitepaper-practical-attacks-on-machine-learning-systems/

   ・ 针对机器学习系统的安全攻击实战 – Jett


• 0xFF Prologue:
https://n132.github.io/2022/07/04/S2.html

   ・ Google CTF 2022 Sandbox Escape 题的 writeup – Jett


• [Malware] Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit:
https://research.trendmicro.com/3OA8H10

   ・ Black Basta 勒索软件将 PrintNightmare 漏洞 Exploit 集成进自己的攻击套件 – Jett


• [Malware] Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server:
https://research.trendmicro.com/3AvsM4A

   ・ 全新勒索软件 HavanaCrypt 伪造成 Google 更新套件,借助微软的 Web 托管服务伪装 C&C 服务器 – Jett


• Rolling Pwn Attack:
https://rollingpwn.github.io/rolling-pwn/

   ・ 本田汽车的无钥匙进入系统被发现 “Rolling Pwn Attack”,滚动码机制存在缺陷,可以远程控制车辆 – Jett


• [Vulnerability] SSD Advisory – Froxlor Server Management Panel File Upload Filter Bypass and RCE – SSD Secure Disclosure:
https://ssd-disclosure.com/ssd-advisory-froxlor-server-management-panel-file-upload-filter-bypass-and-rce/

   ・ Froxlor Server 服务器管理面板被发现 root 命令执行漏洞 – Jett


• GitHub – GhostPack/Koh: The Token Stealer:
https://github.com/GhostPack/Koh

   ・ Koh – 通过 “Internal Monologue Attack” 窃取 Windows 认证凭据的工具 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(07-08)

版权声明:admin 发表于 2022年7月8日 下午12:09。
转载请注明:每日安全动态推送(07-08) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...