• Application is Vulnerable to Session Fixation:
https://seclists.org/fulldisclosure/2024/Mar/42
・ 介绍了一个名为“应用程序易受会话固定”的漏洞
– SecTodayBot
• 31_round_sha256_poc.py:
https://gist.github.com/DavidBuchanan314/aa9ab4265fe402ab86399b5f9da82888
・ 介绍了 SHA-256 碰撞的新方法,并涉及到 FSE2024 会议的内容。
– SecTodayBot
• CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog:
https://securityaffairs.com/161134/security/cisa-microsoft-sharepoint-known-exploited-vulnerabilities-catalog.html
・ CISA公开披露了Microsoft SharePoint Server的代码注入漏洞,该漏洞在Pwn2Own Vancouver 2023黑客大赛中被演示
– SecTodayBot
• Gal Elbaz, Guy Kaplan- Discovering Shadow Vulnerabilities in Popular Open Source Projects DEF CON 31:
https://www.youtube.com/watch?v=tQEkqgOMA8Q&t=822s
・ 介绍了在知名开源项目中发现影子漏洞的相关内容,包括了在 DEF CON 31 大会上的演讲
– SecTodayBot
• SSRF leads to access AWS metadata.:
https://infosecwriteups.com/ssrf-leads-to-access-aws-metadata-21952c220aeb
・ 介绍了SSRF(服务器端请求伪造)攻击如何导致访问AWS元数据的漏洞,并提供了详细的分析和利用漏洞的POC(验证概念)。
– SecTodayBot
・ 本文介绍了Linux内核中io_uring的一个use-after-free漏洞CVE-2024-0582
– SecTodayBot
• Weblogic/Weblogic_Serialization_Vulnerability_and_IIOP_Protocol_en_US.md at main · gobysec/Weblogic:
https://github.com/gobysec/Weblogic/blob/main/Weblogic_Serialization_Vulnerability_and_IIOP_Protocol_en_US.md
・ 重点讨论了Weblogic序列化漏洞和IIOP协议,提供了CVE-2023-21839漏洞的详细分析和利用POC。
– SecTodayBot
• Abusing MiniFilter Altitude to blind EDR:
https://tierzerosecurity.co.nz/2024/03/27/blind-edr.html
・ 通过滥用 minifilter altitude,可以绕过 EDR 解决方案的检测。文章介绍了如何利用注册表修改来绕过 EDR 的技术。
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号: 腾讯玄武实验室
https://weibo.com/xuanwulab