Tencent Security Xuanwu Lab Daily News
• [Wireless] A Survey of Bluetooth Vulnerabilities Trends (2023 Edition):
https://i5c.us/d29522
・ 蓝牙漏洞趋势预测。近几年蓝牙漏洞的数量呈上升趋势。
– keenan
• [Tools] BypassAV:
https://github.com/CMEPW/BypassAV
・ 一个如何绕过Antivirus的知识思维导图。
– Atum
• [Tools] Attacking and securing Docker containers:
https://infosecwriteups.com/attacking-and-securing-docker-containers-cc8c80f05b5b?source=rss—-7b722bfd1b8d—4
・ 常见的 Docker 攻防策略,通俗易懂。
– ThomasonZhao
• Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console : netsec:
https://www.reddit.com/r/netsec/comments/10w5prw/discovering_a_weakness_leading_to_a_partial/
・ AWS Console的身份认证次数限制存在缺陷,通过多线程即可提升密码爆破速度。
– keenan
• [Network] Cloudflare’s handling of a bug in interpreting IPv4-mapped IPv6 addresses:
https://blog.cloudflare.com/cloudflare-handling-bug-interpreting-ipv4-mapped-ipv6-addresses/
・ 一个很有趣的漏洞,由于golang库和cloudflare黑名单机制的共同问题,导致了cloudflare的worker可以通过构造一个由IPv4扩展而来的IPv6地址来进行SSRF。
– Atum
• r/netsec – NETGEAR Nighthawk upnpd Pre-authentication Buffer Overflow:
https://www.reddit.com/r/netsec/comments/10vy3iq/netgear_nighthawk_upnpd_preauthentication_buffer/
・ Netgear R7000P router的upnpd server存在栈溢出漏洞,原因是sprintf的输出buffer长度没有检查。
– keenan
• [Android] Converting Your Android Smartphone into Penetration Testing Device:
https://gbhackers.com/use-android-penetration-testing/
・ 讲了如何将Android手机打造成渗透测试的实验设备,并在上面安装nmap,bettercap等工具。
– Atum
• I Built a Self-Destructing USB Drive Part 3:
https://interruptlabs.ca/2023/02/06/I-Built-a-Self-Destructing-USB-Drive-Part-3/
・ 讲述如何构建一个自毁的USB设备
– Atum
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(2-8)
