• Dastardly From BurpSuite: Lightweight Web App Security Scanner:
https://cybersecuritynews.com/dastardly-web-app-security-scanner/
・ A tool that scans the deployment status of web applications and detects web applications vulnerable to DAST attacks
– SecTodayBot
• Sharing is Not Caring: Hunting for Network Share Discovery:
https://www.splunk.com/en_us/blog/security/sharing-is-not-caring-hunting-for-file-share-discovery.html
・ Detection of network share techniques in Windows Active Directory
– SecTodayBot
• Microsoft Keys:
https://blog.dshr.org/2023/09/microsoft-keys.html
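・ The Achilles' heel of Web PKI security: traffic-filtering proxies that use the local root store as a man-in-the-middle proxy to filter SSL/TLS-encrypted traffic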
– SecTodayBot
• Executable and Linkable Format 101 Part 4: Dynamic Linking:
https://intezer.com/blog/malware-analysis/executable-linkable-format-101-part-4-dynamic-linking/
・ An introduction to the Executable and Linkable Format
– SecTodayBot
• JVNVU#93886750 Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL:
https://jvn.jp/en/vu/JVNVU93886750/
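・ A Windows kernel driver developed by Phoenix Technologies has an insufficient access control vulnerability on its IOCTL, which may lead to firmware being erased or altered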
– SecTodayBot
• Latest Jailbreak News: Access to /var ACHIEVED with the KFD exploit on iOS 15.0 – 16.5:
https://idevicecentral.com/jailbreak-news/sandbox-escape-var-access-achieved-kfd-ios-16/
・ KFD is the first kernel exploit ever released for iOS 16
– SecTodayBot
• Just for fun: What happens when you shift a register by more than the register size?:
https://devblogs.microsoft.com/oldnewthing/20230904-00/?p=108704
・ A study of processor register size behavior
– SecTodayBot
• Analysis of Infostealers Executed via the New IDAT Loader:
https://paper.seebug.org/3027/
・ Malware is loaded and executed using the new IDAT Loader
– SecTodayBot
• ARM64 Reversing And Exploitation Part 7 – Bypassing ASLR And NX:
https://8ksec.io/arm64-reversing-and-exploitation-part-7-bypassing-aslr-and-nx/
・ ARM64 Reversing and Exploitation Part 7: bypassing ASLR and NX via a heap-overflow-based vulnerability
– SecTodayBot
• Fault Injection Reference Model (FIRM):
https://raelize.com/blog/raelize-fi-reference-model/
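・ A tool for understanding the physics of fault injection, a technique for bypassing secure boot and escalating privileges on Linux, which can be used to achieve code execution, escalate privileges, or extract cryptographic keys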
– SecTodayBot
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab