Tencent Security Xuanwu Lab Daily News
• Linux 5.6 io_uring Cred Refcount Overflow:
https://packetstormsecurity.com/files/176649
・ Linux 5.6 and later contain a cred refcount overflow vulnerability that can be triggered through io_uring when handling roughly 39 GB of memory usage.
– SecTodayBot
• ADCSync – Use ESC1 To Perform A Makeshift DCSync And Dump Hashes:
http://dlvr.it/T1bZ4Y
・ ADCSync is a new tool for carrying out a DCSync-like attack in Active Directory environments, using ESC1 to dump the NTLM hashes of user accounts.
– SecTodayBot
• Behind the Scenes of Pwn2Own Automotive – Updating AGL #shorts:
https://youtube.com/shorts/2BsbZOb6X6s
・ Pwn2Own Automotive is a well-known automotive cybersecurity competition; this piece gives a behind-the-scenes look at it.
– SecTodayBot
• An introduction to reverse engineering .NET AOT applications:
https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/
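・ The article covers a report on the activity of the Vietnamese cybercrime group DuckTail and their use of the new AOT (ahead-of-time) compilation feature in .NET programs. AOT compilation poses a challenge for reverse engineers; the article explains how to identify .NET AOT binaries and the steps for setting up AOT in a test project.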
– SecTodayBot
• Insomni’hack 2024 CTF Teaser – Cache Cache:
https://itm4n.github.io/insomnihack-2024-cache-cache/
・ Discusses the author's process of creating a CTF challenge and reverse engineering a Windows RPC server.
– SecTodayBot
• 0xsha/EVMProxyInspect: Multi-Chain EVM Proxy Detection Tool:
https://github.com/0xsha/EVMProxyInspect
・ Introduces a new security testing tool, a multi-chain EVM proxy detection tool.
– SecTodayBot
• Accepting a calendar invite in Outlook could leak your password:
https://www.scmagazine.com/news/accepting-a-calendar-invite-in-outlook-could-leak-your-password
・ Microsoft Outlook has a vulnerability that leaks hashed passwords through malicious calendar invites.
– SecTodayBot
• CVE-2023-50643: Evernote Remote Code Execution Flaw, PoC Published:
https://securityonline.info/cve-2023-50643-evernote-remote-code-execution-flaw-poc-published/
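・ Evernote for macOS has a critical remote code execution vulnerability (CVE-2023-50643) that stems from the Electron development framework and may allow a malicious attacker to execute arbitrary code.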
– SecTodayBot
• A Stealthy Godzilla Webshell: A New Threat Targeting Apache ActiveMQ:
https://securityonline.info/a-stealthy-godzilla-webshell-a-new-threat-targeting-apache-activemq/
・ Apache ActiveMQ is affected by the CVE-2023-46604 vulnerability, which can allow malicious attackers to use the Godzilla webshell for unauthorized access and control.
– SecTodayBot
• How Threat Actors Leveraged HAR Files To Attack Okta’s Customers:
https://www.rezonate.io/blog/har-files-attack-okta-customers
・ Describes the Okta security breach and how attackers used HAR files to carry out the attack.
– SecTodayBot
* To view or search past digest items, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab
Originally published on the WeChat official account Tencent Xuanwu Lab (腾讯玄武实验室): Daily Security News Push (1-23)