每日安全动态推送(2-2)

Tencent Security Xuanwu Lab Daily News

• [Tools] Installation:

   ・ Obfuscation Detection 一个用于自动检查二进制文件中的混淆代码和状态机的脚本/工具/Binary Ninja插件 – 

• [Web] Vuln-Drive 2 - bi0sCTF22:

   ・ bi0sCTF 2022 Web题目Vuln-Drive 2的官方writeup – 

• Python原型链污染变体(prototype-pollution-in-python):

   ・ Python原型链污染变体(prototype-pollution-in-python) – 

• CVE-2022-42475:

   ・ 通过补丁对比分析FortiGate SSLVPN 的 RCE 漏洞 CVE-2022-42475，漏洞原因在于32->64转换时的整数溢出 – 

• Bypassing OGNL sandboxes for fun and charities:

   ・  绕过OGNL注入保护机制(包括Struts和Atlassian Confluence使用一些特殊的机制) – 

• [Windows] Introducing kernel sanitizers on Microsoft platforms:

   ・ 微软在内核中引入KASAN，SKASAN和针对Hyper-V的HASAN – 

• [Malware] Chinese PlugX Malware Hidden in Your USB Devices?:

   ・ 隐藏于USB介质中的PlugX变体 – 

• PDFkit-CMD-Injection (CVE-2022-25765):

   ・ pdfkit命令执行漏洞CVE-2022-25765 Exp – 

• PHP Development Server <= 7.4.21 - Remote Source Disclosure:

   ・ PHP Development Server <= 7.4.21的远程源码泄露漏洞 – 

• [Tools] Malware Theory - How Packers Work, Polymorphism and Misconceptions:

   ・ Malware Theory - How Packers Work, Polymorphism and Misconceptions – 

* 查看或搜索历史推送内容请访问：

* 新浪微博账号：腾讯玄武实验室