[Tools] 0vercl0k/rp:https://github.com/0vercl0k/rp
・ 研究员 Axel Souchet 开源了一个支持多平台的 ROP gadget 搜索工具 – Jett
[Windows] CVE-2022-21907:https://github.com/antx-code/CVE-2022-21907
・ GitHub 上出现 Windows HTTP 协议栈远程代码执行漏洞(CVE-2022-21907)的 PoC – Jett
Awesome Executable Packing:https://github.com/dhondta/awesome-executable-packing
・ 可执行文件加壳相关的资料和工具整理 – Jett
IPv6 Security & Capability Testing, Part 2:https://theinternetprotocolblog.wordpress.com/2020/05/26/ipv6-security-capability-testing-part-2/
・ IPv6 Security & Capability Testing, Part 2 – Jett
Apache HTTP Server mod_lua模块缓冲区溢出漏洞分析(CVE-2021-44790):https://mp.weixin.qq.com/s/VjSpJW-1sYM1BwDPQZDqFA
・ Apache HTTP Server mod_lua 模块缓冲区溢出漏洞分析(CVE-2021-44790) – Jett
Security Hardening: Use of eBPF by unprivileged users has been disabled by default | Support | SUSE:https://www.suse.com/support/kb/doc/?id=000020545
・ SUSE 发行版因担心 eBPF 的漏洞决定限制普通用户使用 eBPF – Jett
[Tools] Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide:https://www.gosecure.net/blog/2022/01/17/capturing-rdp-netntlmv2-hashes-attack-details-and-a-technical-how-to-guide/
・ 基于 PyRDP 工具从 RDP 流量中截获 RDP NetNTLMv2 Hash – Jett
不完美的条件竞争JNDI漏洞利用链发现过程:https://tttang.com/archive/1409/
・ 不完美的条件竞争JNDI漏洞利用链发现过程. – lanying37
Intro to Embedded RE Part 1: Tools and Series Overview:https://voidstarsec.com/blog//2022/01/17/intro-to-embedded-part-1
・ 嵌入式设备逆向所需的工具链 – Jett
StopDefender:https://github.com/lab52io/StopDefender
・ 从 TrustedInstaller 和 winlogon 窃取 token,禁用 Windows Defender – Jett
Stealing administrative JWT's through post auth SSRF (CVE-2021-22056):https://blog.assetnote.io/2022/01/17/workspace-one-access-ssrf/
・ 利用 VMWare Workspace One Access 的 SSRF 漏洞泄露管理员身份 JWT – Jett
[Reverse Engineering, Tools] README.md:https://github.com/ptswarm/reFlutter
・ reFlutter - Flutter 逆向框架,辅助逆向基于 Flutter 包构建的 App – Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 微信公众号: 腾讯玄武实验室
+关注
快速开通微博你可以查看更多内容,还可以评论、转发微博。
