• A brief look at two interesting recent vulnerabilities:
https://paper.seebug.org/1926/
・ Analysis of the "archaeology" behind the WebKit vulnerability recently disclosed by Project Zero
– Jett
• How Threat Actors Hijack Attention: The 2022 Social Engineering Report | Proofpoint US:
https://www.proofpoint.com/us/blog/threat-insight/how-threat-actors-hijack-attention-2022-social-engineering-report
・ Proofpoint releases its 2022 security research report on social engineering trends and key incidents
– Jett
• [Blockchain] GitHub - saeidshirazi/Awesome-Smart-Contract-Security: A curated list of Smart Contract Security materials and resources For Researchers:
https://github.com/saeidshirazi/Awesome-Smart-Contract-Security
・ A collection of materials on smart contract security
– Jett
• Awesome RCE techniques:
https://github.com/p0dalirius/Awesome-RCE-techniques
・ A collection of RCE techniques for common CMS/LMS web frameworks
– Jett
• Extracting Whitelisted Paths from Windows Defender ASR Rules:
https://adamsvoboda.net/extracting-asr-rules/
・ Extracting the whitelisted path rules from Windows Defender to bypass detection
– Jett
• GitHub - Rivaill/CryptoVulhub: Analyze and reproduce attack events or vulnerabilities in the blockchain world.:
https://github.com/Rivaill/CryptoVulhub
・ Analysis and reproduction of blockchain security attacks and vulnerability incidents
– Jett
• Inside JavaScript Engines, Part 1: Parsing:
https://medium.com/@yanguly/inside-javascript-engines-part-1-parsing-c519d75833d7
・ Inside JavaScript Engines, Part 1: Parsing
– Jett
• [Android] GHSL-2022-037: Use After Free (UAF) in Qualcomm kgsl driver - CVE-2022-22057:
https://securitylab.github.com/advisories/GHSL-2022-037_msm_kernel/
・ Analysis of the UAF vulnerability in the Qualcomm kgsl driver (CVE-2022-22057)
– Jett
• Technology Outlook | Next-Generation Windows Exploitation: Attacking the Common Log File System:
https://mp.weixin.qq.com/s/RkgSyKtLmwCFFQHY429Lkg
・ Fuzzing and exploitation of vulnerabilities in the Windows CLFS file system
– Jett
* To view or search past digest items, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab