每日安全动态推送(1-17)

Tencent Security Xuanwu Lab Daily News

• Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd:
https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd

   ・ FG-IR-22-398 分析 – FortiOS - SSLVPNd 中基于堆的缓冲区溢出 – crazyman


• CVE-2021-31985: Exploiting the Windows Defender AsProtect Heap Overflow Vulnerability:
https://www.pixiepointsecurity.com/blog/nday-cve-2021-31985.html

   ・ Windows Defender AsProtect堆溢出漏洞的详细利用过程。 – Atum


• [Web] CSRF leads to account takeover in Yahoo!:
https://infosecwriteups.com/csrf-leads-to-account-takeover-in-yahoo-aa96c678d2aa?source=rss----7b722bfd1b8d---4

   ・ 通过一处CSRF漏洞接管Yahoo任意账户,笔者找到一处http patch方法的csrf漏洞,利用后端框架的问题覆盖成为任意http方法,最终实现修改任意账户密码等行为。 – P4nda


• [Fuzzing] Syzkaller Diving 01:
https://f0rm2l1n.github.io/2021-02-02-syzkaller-diving-01/

   ・ 深入解读syzkaller源码及其设计系列 – xmzyshypnc


• [Linux] r/netsec - [CVE-2023-0179] Linux kernel stack buffer overflow in nftables: PoC and writeup:
https://www.reddit.com/r/netsec/comments/10d98w1/cve20230179_linux_kernel_stack_buffer_overflow_in/

   ・ CVE-2023-0179 内核栈溢出POC以及详细分析。该漏洞可以通过覆盖栈上的变量来RCE。 – Atum


• [CTF] Hacking Redis for fun and CTF points | by Emil Lerner | Jan, 2023 | Medium:
https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1

   ・ Bushwhackers关于rwctf的题目-hardened redis的Writeup – crazyman


• Real World CTF 5 - Teewars:
https://ctf0.de/posts/realworldctf5-teewars/

   ・ Real World CTF 5 - Teewars的解法 – crazyman


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(1-17)

版权声明:admin 发表于 2023年1月17日 上午9:52。
转载请注明:每日安全动态推送(1-17) | CTF导航

相关文章

暂无评论

暂无评论...