每日安全动态推送(11-25)
腾讯安全玄武实验室
2021-11-25
投诉
阅读数:7843
A bit of a Fixer Upper - Testing FIX-backed applications:
https://labs.f-secure.com/blog/a-bit-of-a-fixer-upper-playing-with-the-fix-tcp-protocol/
・ F-Secure Labs 对金融信息交换协议(FIX)的分析 –
Jett
[PDF] https://soroush.secproject.com/downloadable/common_security_issues_in_financially_oriented_apps_v2.0.pdf:
https://soroush.secproject.com/downloadable/common_security_issues_in_financially_oriented_apps_v2.0.pdf
・ 金融 Web 应用常见的安全漏洞分析报告 –
Jett
[
Tools
] federicodotta/Brida:
https://github.com/federicodotta/Brida
・ Brida - 用于 Burp Suite 与 Frida 协作的 Bridge –
Jett
Graphical Lures In The Age of Cybercrime. | InQuest:
https://inquest.net/blog/2021/11/23/graphical-lures-age-cybercrime
・ 网络钓鱼攻击中的诱饵设计案例 –
Jett
How to Detect Azure Active Directory Backdoors: Identity Federation:
https://www.inversecos.com/2021/11/how-to-detect-azure-active-directory.html
・ How to Detect Azure Active Directory Backdoors: Identity Federation –
Jett
Using CVE-2021-40531 for RCE with Sketch:
https://jonpalmisc.com/2021/11/22/cve-2021-40531
・ Using CVE-2021-40531 for RCE with Sketch –
Jett
[
Tools
] Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells:
https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
・ Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells –
Jett
反序列化小子捕获器-反制ysoserial:
https://mp.weixin.qq.com/s/Ww_IxNLXI0KWZYERGwu3bg
・ 反序列化小子捕获器-反制 ysoserial –
Jett
Exploiting CVE-2021-43267:
https://haxx.in/posts/pwning-tipc/
・ Linux TIPC 堆溢出漏洞(CVE-2021-43267)的利用 –
Jett
[
Fuzzing
] Introduction to Dharma - Part 1:
https://blog.haboob.sa/blog/introduction-to-dharma-part-1
・ Dharma - 基于语法文件生成 Fuzz 测试样本的工具 –
Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 微信公众号: 腾讯玄武实验室
关注作者,阅读全文
c
还有50%的精彩内容,作者设置为仅对粉丝可见
腾讯安全玄武实验室
http://xlab.tencent.com
+
关注
转发 1
评论
2
快速开通微博
你可以查看更多内容,还可以评论、转发微博。
Ú