Tencent Security Xuanwu Lab Daily News
• [PDF] https://bitvm.org/bitvm.pdf:
https://bitvm.org/bitvm.pdf
・ 基于 Bitcoin 的虚拟机
– SecTodayBot
• AI-Powered Fuzzing: Breaking the Bug Hunting Barrier:
https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html?m=1
・ 利用大语言模型帮助进行模糊测试
– SecTodayBot
• "Unmasking the Godfather - Reverse Engineering the Latest Android Banking Trojan" by Laurie Kirk:
https://youtu.be/jNQmc2REwFg
・ 逆向分析安卓银行木马
– SecTodayBot
• Same-origin policy violation using performance.getEntries and history navigation:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/
・ 利用 performance.getEntries 和 history navigation 来绕过同源策略检查
– SecTodayBot
• A universal EDR bypass built in Windows 10 - RiskInsight:
https://www.riskinsight-wavestone.com/en/2023/10/a-universal-edr-bypass-built-in-windows-10/
・ Win10 中的通用 EDR bypass方法
– SecTodayBot
• NjRat Malware Analysis:
https://www.youtube.com/watch?v=tV-TnyqXBv8&ab_channel=AhmedSKasmani
・ 恶意软件分析教学,以分析 NjRat 为例
– SecTodayBot
• CVE-2022-4908: SOP bypass in Chrome using Navigation API:
https://joaxcar.com/blog/2023/10/06/cve-2022-4908-sop-bypass-in-chrome-using-navigation-api/
・ Chrome SOP bypass
– SecTodayBot
• CVE-2023-43641: out-of-bounds array access in libcue 2.2.1:
https://seclists.org/oss-sec/2023/q4/69
・ libcue 2.2.1 数组越界访问
– SecTodayBot
• Kibana Prototype Pollution / Remote Code Execution:
https://packetstormsecurity.com/files/174993/kibana_upgrade_assistant_telemetry_rce.rb.txt
・ Kibana 原型链污染 RCE 漏洞
– SecTodayBot
• Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641):
https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
・ Gnome 1-Click RCE 漏洞
– SecTodayBot
• IoT Secure Development Guide:
https://www.pentestpartners.com/security-blog/iot-secure-development-guide/
・ IoT 安全开发指南
– SecTodayBot
• 3DS userland 漏洞那些事:
https://paper.seebug.org/3047/
・ 3DS 掌机用户态破解漏洞介绍
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
如有侵权请联系:admin#unsafe.sh