每日安全动态推送(07-13)

渗透技巧 2年前 (2022) admin
652 0 0
Tencent Security Xuanwu Lab Daily News


• [PDF] https://www.cristiandaniele.com/sources/Stateful_Fuzzing_survey_(INTERSECT).pdf:
https://www.cristiandaniele.com/sources/Stateful_Fuzzing_survey_(INTERSECT).pdf

   ・ Stateful Fuzzing 综述 – Jett


• Insecure Deserialization in JavaScript: GoogleCTF 2022 Web/HORKOS Writeup:
https://blog.huli.tw/2022/07/11/en/googlectf-2022-horkos-writeup/

   ・ GoogleCTF 2022 一道 JavaScript 反序列化漏洞题的 writeup – Jett


• V8 Sandbox – External Pointer Sandboxing – Google Docs:
https://docs.google.com/document/d/1V3sxltuFjjhp_6grGHgfqZNK57qfzGzme0QTk0IXDHk/edit#heading=h.xzptrog8pyxf

   ・ V8 Sandbox 关于内存裸露指针封装保护机制的介绍 – Jett


• Retbleed: Arbitrary Speculative Code Execution with Return Instructions – Computer Security Group:
https://comsec.ethz.ch/research/microarch/retbleed/

   ・ Retbleed: Arbitrary Speculative Code Execution with Return Instructions – Jett


• 零基础入门V8——理解通用利用链原理:
https://tttang.com/archive/1653/

   ・ 零基础入门V8——理解通用利用链原理 – lanying37


• From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud:
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/

   ・ 攻击者通过钓鱼攻击窃取 Cookie 等登录凭据,然后登录邮件系统进一步对目标组织发起攻击,来自微软的分析 – Jett


• Microsoft Azure Site Recovery DLL Hijacking | by James Sebree | Tenable TechBlog | Jul, 2022 | Medium:
https://medium.com/tenable-techblog/microsoft-azure-site-recovery-dll-hijacking-cd8cc34ef80c

   ・ Azure Site Recovery DLL 注入漏洞分析 – Jett


• How to secure Kubernetes deployment with signature verification:
https://sysdig.com/blog/secure-kubernetes-deployment-signature-verification/

   ・ 在 Kubernetes 管理部署容器的过程中引入签名验证保证安全性 – Jett


• nRF52 平台芯片电压毛刺注入绕过调试保护:
https://paper.seebug.org/1929/

   ・ nRF52 平台芯片电压毛刺注入绕过调试保护 – lanying37


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(07-13)

版权声明:admin 发表于 2022年7月13日 下午12:29。
转载请注明:每日安全动态推送(07-13) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...