每日安全动态推送(06-23)

Tencent Security Xuanwu Lab Daily News

• 简单聊下最近2个有意思的漏洞:
https://paper.seebug.org/1926/

   ・ Project Zero 近期爆出 webkit 漏洞的 ”考古“过程分析 – Jett

• How Threat Actors Hijack Attention: The 2022 Social Engineering Report  | Proofpoint US:
https://www.proofpoint.com/us/blog/threat-insight/how-threat-actors-hijack-attention-2022-social-engineering-report

   ・ Proofpoint 发布 2022 社会工程学趋势和关键事件安全研究报告 – Jett

• [Blockchain] GitHub - saeidshirazi/Awesome-Smart-Contract-Security: A curated list of Smart Contract Security materials and resources For Researchers:
https://github.com/saeidshirazi/Awesome-Smart-Contract-Security

   ・ 智能合约安全相关的资料整理 – Jett

• Awesome RCE techniques:
https://github.com/p0dalirius/Awesome-RCE-techniques

   ・ 常见 CMS/LMS Web 框架的 RCE 技术整理 – Jett

• Extracting Whitelisted Paths from Windows Defender ASR Rules:
https://adamsvoboda.net/extracting-asr-rules/

   ・ 提取 Windows Defender 的白名单路径规则，绕过检测 – Jett

• GitHub - Rivaill/CryptoVulhub: Analyze and reproduce attack events or vulnerabilities in the blockchain world.:
https://github.com/Rivaill/CryptoVulhub

   ・ 区块链安全攻击、漏洞事件的分析和重现 – Jett

• Inside JavaScript Engines, Part 1: Parsing:
https://medium.com/@yanguly/inside-javascript-engines-part-1-parsing-c519d75833d7

   ・ Inside JavaScript Engines, Part 1: Parsing – Jett

• [Android] GHSL-2022-037: Use After Free (UAF) in Qualcomm kgsl driver - CVE-2022-22057:
https://securitylab.github.com/advisories/GHSL-2022-037_msm_kernel/

   ・ 高通 kgsl 驱动 UAF 漏洞的分析（CVE-2022-22057） – Jett

• 技术前瞻｜下一代Windows漏洞利用：攻击通用日志文件系统:
https://mp.weixin.qq.com/s/RkgSyKtLmwCFFQHY429Lkg

   ・ Windows CLFS 文件系统的漏洞 Fuzzing 和利用 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab