每日安全动态推送(3-24)

Tencent Security Xuanwu Lab Daily News

• Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours:
https://securityintelligence.com/posts/patch-tuesday-exploit-wednesday-pwning-windows-ancillary-function-driver-winsock/

   ・ 根据微软发布的Patch来定位漏洞，并在24小时内写出afd.sys驱动的漏洞利用 – WireFish

• PHP filter chains: file read from error-based oracle:
https://www.synacktiv.com/en/publications/php-filter-chains-file-read-from-error-based-oracle.html

   ・ 一种error-based oracle，可以泄露文件内容。通过iconv使得内容长度翻倍触发内存分配报错，再通过dechunk逐字节爆破。 – keenan

• Codex (and GPT-4) can’t beat humans on smart contract audits:
https://blog.trailofbits.com/2023/03/22/codex-and-gpt4-cant-beat-humans-on-smart-contract-audits/

   ・ OpenAI Codex（和GPT-4）不能在智能合约审计上打败人类，但可以在智能合约的自动审计上打败人类审计员，例如重入、费用分配和费用分配 – SecTodayBot

• [Linux] kernel-exploit-factory:
https://github.com/bsauce/kernel-exploit-factory

   ・ Linux 内核漏洞利用集合 – WireFish

• [Android] Android Attack: Reversing React Native Applications:
https://securityqueens.co.uk/android-attack-reversing-react-native-applications/

   ・ Android 攻击：逆向 React Native 应用程序 – SecTodayBot

• Insecure python cgi documentation and tutorials are vulnerable to XSS.:
https://seclists.org/fulldisclosure/2023/Mar/13

   ・ python cgi 文档和教程易受 XSS（跨站点脚本）攻击 – SecTodayBot

• I Don’t Need a Badge – Lessons Learned from Physical Social Engineering:
https://labs.nettitude.com/blog/i-dont-need-a-badge-lessons-learned-from-physical-social-engineering/

   ・ 本文介绍了物理社会工程经验，并提供了一个真实参与的故事，重点关注物理安全的人为方面以及如何利用和修复常见漏洞 – SecTodayBot

• [Windows, Tools] Crassus: Windows privilege escalation discovery tool:
https://securityonline.info/crassus-windows-privilege-escalation-discovery-tool/

   ・ 一种分析特权进程的文件和目录的工具，通过DLL Hijacking via version.cpp 和version.def 文件找出进程是否容易受到DLL 劫持。 – SecTodayBot

• psexec 原理分析和实现:
https://paper.seebug.org/2056/

   ・ psexec 原理分析和实现 – lanying37

• [Tools, Windows] Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files:
https://i5c.us/d29660

   ・ Windows 11的截图工具也存在和acropalypse相似的漏洞。 – keenan

• How Hackers Bypass MFA… And How to Stop Them:
https://www.brighttalk.com/webcast/19320/573651?utm_source=Zimperium&utm_medium=brighttalk

   ・ 多因素身份验证 (MFA) 是实现零信任的关键组成部分，因为它在允许访问网络、应用程序和数据库之前添加了第二道保护线。然而，恶意行为者已经找到了通过基于 SMS 的攻击、设备妥协、恶意软件甚至网络攻击来绕过 MFA 控制的方法 – SecTodayBot

• [Programming] Setting up KDNET over USB EEM for Bootloader and Hyper-V debugging:
https://tandasat.github.io/blog/windows/2023/03/21/setting-up-kdnet-over-usb-eem-for-bootloader-and-hyper-v-debugging.html

   ・ 通过 USB EEM 设置 KDNET 以进行引导加载程序和 Hyper-V 调试 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(3-24)