Tencent Security Xuanwu Lab Daily News
• 软件供应链来源攻击分析报告:
https://mp.weixin.qq.com/s/aEU2E3Xt0-9tJ4TPpjAGkQ
・ 软件供应链来源攻击分析报告
– Jett
• All your tracing are belong to BPF:
https://blog.trailofbits.com/2021/11/09/all-your-tracing-are-belong-to-bpf/
・ All your tracing are belong to BPF
– Jett
• Thick Client Penetration Testing Methodology:
https://www.cyberark.com/resources/threat-research-blog/thick-client-penetration-testing-methodology
・ Thick Client Penetration Testing Methodology
– Jett
• Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over:
https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html
・ Google Gsuite 超级管理员账户接管漏洞的分析
– Jett
• Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog | JFrog:
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
・ 嵌入式 Linux 的瑞士军刀 BusyBox 被发现 14 个漏洞
– Jett
• CookieMonster:
https://github.com/iangcarroll/cookiemonster/
・ CookieMonster – 用于自动化篡改 Cookie 挖掘漏洞的工具
– Jett
• GitHub – zeronetworks/rpcfirewall:
https://github.com/zeronetworks/rpcfirewall
・ RPC Firewall – 一款检测 Windows RPC 漏洞利用攻击的工具
– Jett
• 深入研究 Snake Keylogger 的新变种恶意软件:
http://paper.seebug.org/1752/
・ 深入研究 Snake Keylogger 的新变种恶意软件溯源.
– lanying37
• 主流供应商的一些攻击性漏洞汇总:
https://github.com/r0eXpeR/supplier
・ 主流供应商的一些攻击性漏洞汇总 .
– lanying37
• GitHub – stong/infosec-resources: A list of helpful cybersecurity / infosec resources:
https://github.com/stong/infosec-resources
・ 信息安全相关的有些资料链接
– Jett
• The Invisible JavaScript Backdoor – Certitude Blog:
https://certitude.consulting/blog/en/invisible-backdoor/
・ 用 JavaScript 写一个不容易被发现的后门
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(11-10)