每日安全动态推送(01-11)

腾讯安全玄武实验室 2022-01-11 投诉

阅读数：9236

psproc源码阅读 - 1 - NUL.PW:
http://www.nul.pw/2022/01/10/292.html

・ psproc源码阅读 . – lanying37

Debug Native Messaging:
https://textslashplain.com/2022/01/08/debug-native-messaging/

・监控浏览器扩展与 NativeMessaging Host 之间的 Native 消息 – Jett

[Tools] SQL Injection in Wordpress core (CVE-2022–21661):@ngocnb.915/sql-injection-in-wordpress-core-zdi-can-15541-a451c492897" rel="nofollow" style="box-sizing: border-box; color: rgb(0, 123, 255); text-decoration: none; background-color: transparent;">
https://medium.com/@ngocnb.915/sql-injection-in-wordpress-core-zdi-can-15541-a451c492897

・ Wordpress core (CVE-2022–21661) SQL 注入漏洞的分析（越南语） – Jett

昆仑实验室:
https://www.cyberkl.com/cvelist/cvedetail/38

・昆仑实验室对 XNU Mach Port CVE-2021-30909 漏洞的分析 – Jett

[Windows] Kernel Karnage – Part 8 (Getting Around DSE):
https://blog.nviso.eu/2022/01/10/kernel-karnage-part-8-getting-around-dse/

・ Kernel Karnage – Part 8 (Getting Around DSE) – Jett

Process Herpaderping:
https://github.com/jxy-s/herpaderping

・ Process Herpaderping - 通过替换进程的磁盘镜像绕过杀软检测 – Jett

[iOS] 昆仑实验室:
https://www.cyberkl.com/cvelist/cvedetail/33

・昆仑实验室对 XNU turnstile UAF CVE-2021-30916 漏洞的分析 – Jett

我们是如何发现PBX设备的固件后门的（译文）:
https://tttang.com/archive/1398/

・我们是如何发现PBX设备的固件后门的（译文）. – lanying37

VoLTE/VoWiFi research with $0 of equipment: set up a phone network over Wi-Fi calling:
https://worthdoingbadly.com/vowifi2/