Tencent Security Xuanwu Lab Daily News

• Buildroot: Talos download hash verification vulnerabilities:
https://seclists.org/oss-sec/2023/q4/266

   ・ Buildroot近期披露了有关哈希验证的漏洞信息，文章详细分析了漏洞根本原因，并介绍了处理下载哈希和自定义软件包位置的新方法和工具。 – SecTodayBot

• Critical Bluetooth flaw could take over Android, Apple, Linux devices:
https://packetstormsecurity.com/news/view/35283

   ・ 披露了一项多年潜伏的关键蓝牙安全漏洞，这一发现将在即将举行的会议上公布详细漏洞信息和漏洞利用脚本。漏洞的根本原因得到了详细分析，与著名的操作系统相关，包括远程代码执行。 – SecTodayBot

• Unmasking the Enigma: A Historical Dive into the World of PlugX Malware:
https://www.splunk.com/en_us/blog/security/unmasking-the-enigma-a-historical-dive-into-the-world-of-plugx-malware.html

   ・ 文章详细解释了PlugX的DAT载荷提取、CFG解密、分析等内容，并介绍了用于威胁分析的Python工具。该工具自动化了提取过程，简化了调查过程，有助于安全专业人员更有效地解剖和理解这一威胁。 – SecTodayBot

• ProxyShell (CVE-2021-34473):
https://github.com/kh4sh3i/ProxyShell

   ・ 介绍了CVE-2021-34473漏洞，包括nuclei扫描器和ProxyShell.py脚本。同时公布了Orange Tsai在Pwn2Own中发现该漏洞的信息。 – SecTodayBot

• Finding LogoFAIL: The Dangers of Image Parsing During System Boot:
https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html

   ・ 对UEFI固件中的图像解析组件的漏洞进行了深入调查和披露，揭示了这些漏洞对整个UEFI固件行业的影响。 – SecTodayBot

• Bypassing major EDRs using Pool Party process injection techniques:
https://securityaffairs.com/155464/hacking/pool-party-bypassing-edr.html

   ・ 介绍了一种新的绕过EDR解决方案的进程注入技术，通过利用Windows线程池发现了这一攻击向量。该技术在Black Hat Europe 2023上进行了展示，成功绕过了五种主流EDR解决方案的检测。 – SecTodayBot

• What is Loader Lock?:
https://elliotonsecurity.com/what-is-loader-lock/

   ・ 重点讨论了Windows中的DLL和加载器锁的影响，对系统进行了详细的分析，介绍了加载器锁的使用和影响。 – SecTodayBot

• GitHub - cqr-cryeye-forks/goby-pocs: List of pocs for goby:
https://github.com/cqr-cryeye-forks/goby-pocs

   ・ 提供了Goby工具的POC列表 – SecTodayBot

• Spoofing DNS Records by Abusing DHCP DNS Dynamic Updates | Akamai:
https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp

   ・ 披露了针对使用Microsoft DHCP服务器的Active Directory域的新攻击。攻击可以允许攻击者伪造敏感的DNS记录，可能导致从凭证窃取到完全的Active Directory域损害。 – SecTodayBot

• 一些pocsuite3的脚本:
https://github.com/wuerror/pocsuite3_pocs

   ・ 介绍了与网络安全测试和利用相关的各种POC脚本，包括ShiroAttack2、cve_2022_0540、jira越权、shiziyuCMS_sqli、drupal7_geddon2和http_request_smuggling_script。 – SecTodayBot

• New payload to exploit Error-based SQL injection - Oracle database:
https://www.mannulinux.org/2023/12/New-payload-to-exploit-Error-based-SQL-injection-Oracle-database.html

   ・ 介绍了利用XDBURITYPE()函数对Oracle和PostgreSQL数据库进行错误型SQL注入攻击的详细分析和利用方法 – SecTodayBot

• [Cracking Windows Kernel with HEVD] Chapter 4: How do we write a shellcode to elevate privileges and gracefully return to userland?:
https://mdanilor.github.io/posts/hevd-4/

   ・ 重点讲解了Windows特权升级的技术原理，包括如何编写shellcode来提升特权并优雅地返回用户空间。文章详细解析了Windows特权机制以及在特权升级后恢复堆栈和寄存器所面临的挑战。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab