每日安全动态推送(11-25)

每日安全动态推送(11-25)

腾讯安全玄武实验室 2021-11-25 投诉

阅读数：7843

A bit of a Fixer Upper - Testing FIX-backed applications:
https://labs.f-secure.com/blog/a-bit-of-a-fixer-upper-playing-with-the-fix-tcp-protocol/
・ F-Secure Labs 对金融信息交换协议（FIX）的分析 – Jett

[PDF] https://soroush.secproject.com/downloadable/common_security_issues_in_financially_oriented_apps_v2.0.pdf:
https://soroush.secproject.com/downloadable/common_security_issues_in_financially_oriented_apps_v2.0.pdf
・金融 Web 应用常见的安全漏洞分析报告 – Jett

[Tools] federicodotta/Brida:
https://github.com/federicodotta/Brida
・ Brida - 用于 Burp Suite 与 Frida 协作的 Bridge – Jett

Graphical Lures In The Age of Cybercrime. | InQuest:
https://inquest.net/blog/2021/11/23/graphical-lures-age-cybercrime
・网络钓鱼攻击中的诱饵设计案例 – Jett

How to Detect Azure Active Directory Backdoors: Identity Federation:
https://www.inversecos.com/2021/11/how-to-detect-azure-active-directory.html
・ How to Detect Azure Active Directory Backdoors: Identity Federation – Jett

Using CVE-2021-40531 for RCE with Sketch:
https://jonpalmisc.com/2021/11/22/cve-2021-40531
・ Using CVE-2021-40531 for RCE with Sketch – Jett

[Tools] Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells:
https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
・ Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells – Jett

反序列化小子捕获器-反制ysoserial:
https://mp.weixin.qq.com/s/Ww_IxNLXI0KWZYERGwu3bg
・反序列化小子捕获器-反制 ysoserial – Jett

Exploiting CVE-2021-43267:
https://haxx.in/posts/pwning-tipc/
・ Linux TIPC 堆溢出漏洞（CVE-2021-43267）的利用 – Jett

[Fuzzing] Introduction to Dharma - Part 1:
https://blog.haboob.sa/blog/introduction-to-dharma-part-1
・ Dharma - 基于语法文件生成 Fuzz 测试样本的工具 – Jett

* 查看或搜索历史推送内容请访问：

https://sec.today

* 微信公众号：腾讯玄武实验室

腾讯安全玄武实验室

http://xlab.tencent.com

快速开通微博你可以查看更多内容，还可以评论、转发微博。

 

Ú