• Pentesting with Secure LDAP and LDAP Channel Binding:
https://rootsecdev.medium.com/pentesting-with-secure-ldap-and-ldap-channel-binding-fd5baa0f7345
・ Introduces methods for penetration testing with Secure LDAP and LDAP channel binding
– SecTodayBot
• oss-security - libarchive 3.7.4 released with 2 security fixes:
https://www.openwall.com/lists/oss-security/2024/06/04/2
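・ libarchive 3.7.4 was released with two security fixes: one for an out-of-bounds access vulnerability in the rar filter, the other for an out-of-bounds access vulnerability in zip files.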
– SecTodayBot
• Windows Rootkits Guide:
https://artemonsecurity.blogspot.com/2024/06/windows-rootkits-guide.html?m=1
・ Covers research on the Windows kernel and rootkits
– SecTodayBot
• Urgent Security Update for Zyxel NAS Devices: Patches Available for Critical Flaws:
https://securityonline.info/urgent-security-update-for-zyxel-nas-devices-patches-available-for-critical-flaws/
・ An urgent security update for Zyxel NAS devices, disclosing critical vulnerabilities present in the devices
– SecTodayBot
• Molding Lies Into Reality || Exploiting CVE-2024-4358:
https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
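・ The article analyzes in detail how the deserialization vulnerability in Telerik Report Server is exploited, including disclosure of new vulnerability information, root cause analysis, and the exploit needed to exploit the vulnerability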
– SecTodayBot
• One Key Bug in OneKey Mini:
https://offside.io/blog/one-key-bug-in-onekey-mini
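・ Major security vulnerabilities were found in hardware wallets, including vulnerabilities affecting well-known hardware wallet manufacturers such as Trezor, KeepKey and OneKey, highlighting the potential risks of hardware wallets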
– SecTodayBot
• Exploiting Android's Hardened Memory Allocator:
https://www.usenix.org/conference/woot24/presentation/mao
・ Exploiting Android's hardened memory allocator
– SecTodayBot
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab