• GitHub - infobyte/draytek-arsenal: Reverse Engineering and Observability toolkit for Draytek firewalls:
https://github.com/infobyte/draytek-arsenal
・ 围绕Draytek边缘设备的固件分析和漏洞研究展开,揭示了固件提取和安全研究工具的开发过程
– SecTodayBot
• sysdig-inspect: powerful opensource interface for container troubleshooting and security investigation:
https://meterpreter.org/sysdig-inspect-powerful-opensource-interface-for-container-troubleshooting-and-security-investigation/
・ Sysdig Inspect是一个强大的开源容器故障排除和安全调查界面。它提供了细粒度的系统、网络和应用程序活动数据,支持性能和安全调查,以及深度容器审查。
– SecTodayBot
• CVE-2024-38856 - Apache OFBiz Pre-Authentication RCE vulnerability:
https://www.broadcom.com/support/security-center/protection-bulletin/cve-2024-38856-apache-ofbiz-pre-authentication-rce-vulnerability
・ 介绍了Apache OFBiz的预身份验证远程代码执行漏洞CVE-2024-38856,对漏洞的根本原因进行了详细分析。
– SecTodayBot
• ArtiPACKED: A New GitHub Actions Vulnerability Exposes Critical Credentials:
https://securityonline.info/artipacked-a-new-github-actions-vulnerability-exposes-critical-credentials/
・ GitHub Actions中的新漏洞ArtiPACKED可能会危及高知名度的开源项目
– SecTodayBot
• Linux Kernel Vulnerabilities Expose Systems to Privilege Escalation: Flaws Detailed and Exploit Code Released:
https://securityonline.info/linux-kernel-vulnerabilities-expose-systems-to-privilege-escalation-flaws-detailed-and-exploit-code-released/
・ 披露了Linux内核中三个漏洞的技术细节和利用代码,这些漏洞可能导致特权提升
– SecTodayBot
• BYOVDLL - A New Exploit That Is Bypassing LSASS Protection:
https://gbhackers.com/byovdll-exploit-bypassing-lsass-protection/
・ 介绍了关于Microsoft PPL绕过漏洞的修补、新的BYOVDLL利用漏洞、LSASS进程保护的新发现漏洞,详细分析了漏洞的根本原因,并提供了用于利用漏洞的POC。
– SecTodayBot
• identYwaf: Blind WAF identification tool:
https://meterpreter.org/identywaf-blind-waf-identification-tool/
・ 介绍了一个名为identYwaf的识别工具,可基于盲推理识别 Web 应用防火墙(WAF)类型。它支持80多种不同的保护产品
– SecTodayBot
• Project Zero: ‘It Will Take All of Us to End The Era of Zero Days’:
https://decipher.sc/project-zero-it-will-take-all-of-us-to-end-the-era-of-zero-days
・ Project Zero讨论了过去10年中在应对零日漏洞方面取得的进展和面临的挑战,以及供应商和研究人员在解决这些问题中的作用。
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab