Daily Security News Push (7-8)
2024-7-8 18:15:30 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Pwning a Brother labelmaker, for fun and interop!:
https://sdomi.pl/weblog/20-pwning-a-labelmaker/

   ・ Describes how the author discovered and exploited vulnerabilities in a Brother label printer – SecTodayBot

• EgeBalci/deoptimizer: Machine code de-optimizer.:
https://github.com/EgeBalci/deoptimizer

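   ・ Introduces a machine code de-optimizer that transforms/mutates machine code instructions to bypass the pattern-detection mechanisms of security products; a new approach to code obfuscation and de-optimization – SecTodayBot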

• tor-rootkit:
https://github.com/emcruise/tor-rootkit

   ・ Introduces a standalone Python 3 rootkit for Windows 10 / Linux that can establish network communication over the Tor network. – SecTodayBot

• CVE-2022-24785 MomentJS Path Traversal:
https://0xjay.com/how-cve-2022-24785-momentjs-path-traversal-works-detailed-exploit-guide

   ・ Analyzes the root cause of the MomentJS path traversal vulnerability (CVE-2022-24785) and provides a practical demonstration of exploiting it. – SecTodayBot

• DojoLoader: Generic PE loader for fast prototyping evasion techniques:
https://meterpreter.org/dojoloader-generic-pe-loader-for-fast-prototyping-evasion-techniques/

   ・ Introduces a generic PE loader and various evasion techniques, focusing on sleep obfuscation techniques including RW->RX, MemoryBouncing and MemoryHopping – SecTodayBot

• LavaDome bypass by detecting character height · Issue #48 · LavaMoat/LavaDome:
https://github.com/LavaMoat/LavaDome/issues/48

   ・ Discusses a potential font-handling vulnerability and provides a related exploit example. – SecTodayBot

• Let's Make & Crack a PRNG in Go!:
https://vaktibabat.github.io/posts/PRNG_In_Go/

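   ・ Discusses the implementation and cracking of pseudo-random number generators (PRNGs), mainly presenting a detailed analysis and implementation of the Mersenne Twister PRNG. – SecTodayBot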

• RISC-V Emulator for Sophgo SG2000 SoC (Pine64 Oz64 / Milk-V Duo S):
https://lupyuen.codeberg.page/articles/sg2000b.html

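   ・ Describes developing and testing a RISC-V emulator for specific hardware, mainly discussing the updates to the TinyEMU RISC-V emulator to support the Sophgo SG2000 SoC, and analyzes a vulnerability caused by the auipc instruction. – SecTodayBot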

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959727&idx=1&sn=f3967e12ce583e92a2da516385dc6ff0&chksm=8baed130bcd958269d16ff6e27cd16c5354c854bb49a4c97bf98613f19f40ff39b8a31469ad5&scene=58&subscene=0#rd