Daily Security News Push (5-27)
2024-5-27 12:26:35 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Inside the iOS bug that made deleted photos reappear:
https://www.synacktiv.com/publications/inside-the-ios-bug-that-made-deleted-photos-reappear

   ・ Reports on a bug in iOS and analyzes in detail why the bug occurred and how Apple fixed it. – SecTodayBot

• PoolParty - A Set Of Fully-Undetectable Process Injection Techniques Abusing Windows Thread Pools:
https://www.kitploit.com/2024/05/poolparty-set-of-fully-undetectable.html

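   ・ Introduces a brand-new process injection technique that abuses Windows thread pools; the technique was presented at the Black Hat Europe 2023 conference. – SecTodayBot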

• Injecting code into PPL processes without vulnerable drivers on Windows 11:
https://blog.slowerzs.net/posts/pplsystem/

   ・ A new Windows 11 feature allows protections to be bypassed; using a specific system call, user-mode pages can be captured in a kernel dump. – SecTodayBot

• oss-security - path traversal in tar extract in intel cve-bin-tool:
https://www.openwall.com/lists/oss-security/2024/05/26/1

   ・ Describes a path traversal vulnerability in CVE Binary Tool. – SecTodayBot

• Slowerzs/PPLSystem:
https://github.com/Slowerzs/PPLSystem?tab=readme-ov-file

   ・ Introduces a new method of injecting into other processes using COM remote control. – SecTodayBot

• 35C3 - The Layman's Guide to Zero-Day Engineering:
https://www.youtube.com/watch?si=11bncvJqYZF3tJ4J&v=WbuGMs2OcbE&feature=youtu.be

   ・ Emphasizes the discovery, analysis, and exploitation of zero-day vulnerabilities. – SecTodayBot

• V8 Sandbox - Embedder Pointer Sandboxing:
https://docs.google.com/document/d/14m6CjJYaTFEmEq7czOOL5iqzMe72Owyy3PmxKdgaAms/edit?usp=sharing

   ・ An article on the V8 Sandbox and its Embedder Pointer Sandboxing technique. – SecTodayBot

• DNSBomb: New DDoS Attack Explodes DNS Traffic, Threatening Critical Internet Infrastructure:
https://securityonline.info/dnsbomb-new-ddos-attack-explodes-dns-traffic-threatening-critical-internet-infrastructure/

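   ・ DNSBomb is a new DDoS attack method that uses DNS traffic to flood and paralyze online services, with a significant impact on the existing DDoS attack landscape. – SecTodayBot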

• #NahamCon2024: Modern WAF Bypass Techniques on Large Attack Surfaces:
https://www.youtube.com/watch?v=0OMmWtU2Y_g&feature=youtu.be

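   ・ Introduces modern WAF bypass techniques, involving new vulnerability information disclosure and detailed analysis of WAF bypass vulnerabilities. The article mainly discusses a talk given at NahamCon2024 and covers new fuzzing methods. – SecTodayBot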

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959652&idx=1&sn=f925a790f67f33a1e516f8e84fd03d7e&chksm=8baed1fbbcd958ed846d053a1523ee296c35382460c52e9d752c268803add4d1263b915566c7&scene=58&subscene=0#rd