每日安全动态推送(1-31)

Tencent Security Xuanwu Lab Daily News

• Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347):
https://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/

   ・  U-Boot – USB DFU 中未经检查所接收内容的大小和来源造成堆栈溢出 (CVE-2022-2347) – crazyman

• [Browser] b3typer – bi0sCTF 2022:
https://blog.bi0s.in/2023/01/23/Pwn/bi0sCTF22-b3typer/

   ・ bi0sCTF 2022 jsc题目b3typer的offical writeup – crazyman

• CVE-2022-42864 – Diabolical Cookies:
https://muirey03.blogspot.com/2023/01/cve-2022-42864-diabolical-cookies.html

   ・ CVE-2022-42864:IOHIDFamily中的一个TOCTOU的writeup和poc – crazyman

• [Vulnerability] Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers:
https://www.cyberark.com/resources/threat-research-blog/inglourious-drivers-a-journey-of-finding-vulnerabilities-in-drivers

   ・ 介绍了作者以一种意外的方式发现并找到 WinIO 内核驱动栈溢出漏洞。并展示了利用此漏洞为根基，攻击某外围设备厂商的驱动，并最终执行任意内核代码的全过程。 – ThomasonZhao

• [CTF] idekCTF2022 – Coroutine Writeup:
https://kiprey.github.io/2023/01/idek_coroutine/

   ・ idekCTF2022 – Pwn题目 Coroutine 的详细Writeup – crazyman

• [Tools] HTB: UpDown:
https://0xdf.gitlab.io/2023/01/21/htb-updown.html

   ・ HTB: UpDown Writeup – crazyman

• [Vulnerability] The toddler’s introduction to Heap Exploitation, Unsafe Unlink(Part 4.3):
https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-unsafe-unlink-part-4-3-75e00e1b0c68

   ・ 入门级堆利用教学系列，目前共发布7篇 – ThomasonZhao

• A step-by-step introduction to the use of ROP gadgets to bypass DEP – CYBER GEEKS:
https://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadgets-to-bypass-dep/

   ・ 手把手教你如何用 ROP 绕过数据执行保护（Data Execution Prevention，DEP）。利用 QuoteDB 在 Windows 平台上进行调试教学。 – ThomasonZhao

• Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”:
https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/

   ・ 详细分析 TCP/IP RCE（CVE-2022-34718）漏洞包含其逆向补丁,协议的所有细节过程,包括纠正Numen Cyber Labs blog中的一些不准确的地方.并成功实现dos.以及概述讲解如何将原语转换为后续rce的一些步骤 – crazyman

• Attackers Crafted Custom Malware for Fortinet Zero-Day:
https://www.darkreading.com/threat-intelligence/china-based-attacker-crafted-custom-malware-for-fortinet-zero-day

   ・ 黑客针对 Fortinet 零日漏洞（CVE-2022-42475）制作恶意软件后门：BoldMove – ThomasonZhao

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(1-31)