• Headerpwn - A Fuzzer For Finding Anomalies And Analyzing How Servers Respond To Different HTTP Headers:
https://www.kitploit.com/2024/05/headerpwn-fuzzer-for-finding-anomalies.html?utm_source=dlvr.it&utm_medium=twitter
・ Headerpwn是一个用于查找异常并分析服务器如何响应不同HTTP标头的模糊测试工具。
– SecTodayBot
• Conference talk: "Javascript Engines Vulnerability Research: State of the Art":
https://www.youtube.com/watch?si=o7obpyrU8aMjdoCh&v=YpsfQl0V_3k&feature=youtu.be
・ 关于JavaScript引擎漏洞研究的会议演讲
– SecTodayBot
• joomla的反序列化深入分析 - 先知社区:
https://xz.aliyun.com/t/14661?time__1311=mqmx9QDtDQ0QD%3DeDsdoYK0%3Dgcwqfxuu7rD
・ 介绍了Joomla内容管理系统中的多个漏洞
– SecTodayBot
• GitHub - reveng007/reveng_rtkit: Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.:
https://github.com/reveng007/reveng_rtkit
・ 介绍了针对Linux Kernel 5.11.0-49-generic的Loadable Kernel模块的rootkit,提供了与该rootkit交互的POC,并介绍了如何隐藏/显示运行中的进程。
– SecTodayBot
• On the Reliability of Coverage-Based Fuzzer Benchmarking:
https://www.youtube.com/watch?v=LCrtSt8MBXc&feature=youtu.be
・ 讨论了基于覆盖率的模糊测试基准的可靠性
– SecTodayBot
• A bug hunter's reflections on fuzzing:
https://www.youtube.com/watch?v=wTbFmdx7wG8
・ 讨论了关于fuzz testing的新方法和工具,以及一个漏洞猎人对此的反思
– SecTodayBot
• Garnet. Does Microsoft's cache -store also store bugs?:
https://pvs-studio.com/en/blog/posts/csharp/1124/?utm_source=firefly&utm_medium=twitter
・ 微软推出了Garnet,一个用C#编写的开源、跨平台、快速缓存存储项目。文章介绍了使用PVS-Studio静态分析器对Garnet项目源代码进行分析,发现了潜在的漏洞。
– SecTodayBot
• CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud:
https://www.zerodayinitiative.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud
・ 披露了在SharePoint中发现的XXE漏洞CVE-2024-30043,包括了漏洞的根本原因、利用方式以及与Pwn2Own等知名比赛的关联
– SecTodayBot
• Check Point - Wrong Check Point (CVE-2024-24919):
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
・ 揭示了Check Point的SSLVPN设备中的漏洞CVE-2024-24919,并对漏洞的根本原因进行了详细分析。
– SecTodayBot
• mXSS: The Vulnerability Hiding in Your Code:
https://www.sonarsource.com/blog/mxss-the-vulnerability-hiding-in-your-code/?s_category=Organic&s_origin=twitter&s_source=Social+Media&utm_campaign=research&utm_content=blog-mxss-the-vulnerability-hiding-in-your-code-240528-&utm_medium=social&utm_source=twitter&utm_term=
・ 讨论了变异型跨站脚本(mXSS)攻击,介绍了HTML的宽容性以及对攻击的影响,涉及了Insomnihack 2024大会的相关演讲。
– SecTodayBot
• Technical Details Released for Check Point Remote Access VPN 0-Day Flaw:
https://securityonline.info/technical-details-released-for-0-day-check-point-remote-access-vpn-flaw/
・ Check Point的远程访问VPN设备存在0-Day漏洞(CVE-2024-24919),文章详细披露了该漏洞的根本原因和利用方式
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号: 腾讯玄武实验室
https://weibo.com/xuanwulab