CTF导航 CTF导航

每日安全动态推送(08-11)

渗透技巧 2年前 (2022) admin
409 0 0
Tencent Security Xuanwu Lab Daily News


• How to Attack and Remediate Excessive Network Share Permissions in Active Directory Environments:
https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares/

   ・ Active Directory 环境网络共享配置权限不当问题的分析和利用 – Jett


• Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling | PortSwigger Research:
https://portswigger.net/research/browser-powered-desync-attacks

   ・ Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling  – Jett


• Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco:
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html

   ・ 思科 Talos Lab 对思科 5 月份被黑事件的分析 – Jett


• The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I):
https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html

   ・ Linux 内核 GC 漏洞(CVE-2021-0920)的分析,该漏洞已有野外利用 – Jett


• building:
https://github.com/d4rckh/gorilla

   ・ gorilla – 用于生成密码字段的工具 – Jett


• [PDF] https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf:
https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf

   ・ LibAFL: A Framework to Build Modular and Reusable Fuzzers  – Jett


• [Vulnerability] CVE-2022-22252: Huawei HWLog Vmalloc Use-After-Free:
https://labs.taszk.io/blog/post/79_hw_hwlog_uaf/

   ・ CVE-2022-22252: Huawei HWLog Vmalloc Use-After-Free – Jett


• From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager:
https://srcincite.io/blog/2022/08/09/from-shared-dash-to-root-bash-pre-authenticated-rce-in-vmware-vrealize-operations-manager.html

   ・ VMWare vRealize Operations Manager Pre-Authenticated RCE 漏洞的分析 – Jett


• [Tools] Microsoft Office to publish symbols starting August 2022:
https://msrc-blog.microsoft.com/2022/08/08/microsoft-office-to-publish-symbols-starting-august-2022/

   ・ 8 月份开始,微软将公开 Office 的调试符号 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(08-11)

版权声明:admin 发表于 2022年8月11日 下午12:39。
转载请注明:每日安全动态推送(08-11) | CTF导航

相关文章

Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
admin
573
每周蓝军技术推送(2024.2.24-3.1)
admin
51
PXEThief – 利用 Windows 的终端部署功能 SCCM 导出密码
admin
498
【最新漏洞预警】Zoho ManageEngine Admanager Plus 任意文件上传漏洞可GetShell
admin
1,038
每日安全动态推送(06-08)
admin
713
实战|无回显Rce到Getshell
admin
1,135

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

每日安全动态推送(4-28)
0
[代码审计] 某盗U/发卡系统 不知道是几day
0
Cookie-Monster – BOF To Steal Browser Cookies & Credentials
0
How Did I Easily Find Stored XSS at Apple And Earn $5000 ?
0
How I Discovered an RCE Vulnerability in Tesla, Securing a $10,000 Bounty
0
pgAdmin 8.3 Remote Code Execution
0
How I Prevented a Mass Data Breach – $15,000 bounty – @bxmbn
0
The Windows Registry Adventure #1: Introduction and research results
0
使用 VIM 进行代码审计
0
Progress Flowmon 任意命令执行漏洞 CVE-2024-2389
0