每日安全动态推送(11-16)
2023-11-16 09:45:14 Author: mp.weixin.qq.com(查看原文) 阅读量:0 收藏

Tencent Security Xuanwu Lab Daily News

• Apple, an Airport, 802.11 Channel Flags, and Some Binary:
https://pansift.com/blog/apple-an-airport-80211-channel-flags-and-some-binary/

   ・ 苹果M2芯片支持6GHz RF(射频)频谱的Wi-Fi,这篇文章介绍了一些关于数据包捕获、自定义位掩码以及如何确定Mac周围的WLAN频段和信道宽度的逆向工程技术 – SecTodayBot

• CVE-2023-46850: OpenVPN Access Server Flaw Exposes Sensitive Data, RCE Possible:
https://securityonline.info/cve-2023-46850-openvpn-access-server-flaw-exposes-sensitive-data-rce-possible/

   ・ CVE-2023-46850,OpenVPN Access Server存在漏洞,可能导致敏感数据泄露和远程代码执行。 – SecTodayBot

• [PATCH RFC 00/20] Setting up Binder for the future - Alice Ryhl:
https://lore.kernel.org/lkml/[email protected]/

   ・ Android决定使用Rust重写Binder – SecTodayBot

• HTB: Download:
https://0xdf.gitlab.io/2023/11/11/htb-download.html

   ・ 这篇文章介绍了一个云文件存储解决方案,通过发现文件读取漏洞、ORM注入和密码哈希破解等多个漏洞,最终实现了获取SSH权限和以root身份执行命令的攻击过程。 – SecTodayBot

• Adversarial Attacks on LLMs:
https://lilianweng.github.io/posts/2023-10-25-adv-attack-llm/

   ・ 本文介绍了对大型语言模型进行对抗攻击的几种方法,包括令牌操作、语义等价规则等 – SecTodayBot

• A step-by-step Android penetration testing guide for beginners:
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3?source=rss----7b722bfd1b8d---4

   ・ 作为一名安全分析师和漏洞赏金猎人,我将与大家分享我的Android渗透测试经验,包括静态分析和动态分析等关键组成部分,以揭示Android应用程序的潜在安全漏洞和弱点。 – SecTodayBot

• 💥 TL/DR: Chain everything together:
https://mizu.re/post/intigriti-october-2023-xss-challenge

   ・ 这篇文章介绍了如何利用mutation XSS攻击绕过DOMPurify的限制,以及如何通过--disable-web-security标志与devtools debug port进行通信。 – SecTodayBot

• GitHub - LucasPDiniz/403-Bypass: Bypass 403 pages:
https://github.com/LucasPDiniz/403-Bypass

   ・ 了解如何绕过403禁止访问错误,通过更改HTTP头和URL路径等技术手段,成功访问被限制的资源。 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959426&idx=1&sn=e25b4f9ed6c766680d8886ba759e62eb&chksm=8baed01dbcd9590b15b4d9ecc47daa816d5d9310602d05c80f63df0ac3e8af7ddfae3c53a0d3&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh