Tencent Security Xuanwu Lab Daily News

• MartinIngesen/MSOLSpray: A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.:
https://github.com/MartinIngesen/MSOLSpray

   ・ 名为MSOLSpray的纯Python重写工具，用于对Microsoft Online账户进行密码喷洒攻击。这一工具不仅用于寻找有效密码，还提供了大量关于Azure AD错误代码的信息，可用作Microsoft Online账户的侦察工具。 – SecTodayBot

• Unveiling the Server-Side Prototype Pollution Gadgets Scanner:
https://blog.doyensec.com/2024/02/17/server-side-prototype-pollution-Gadgets-scanner.html

   ・ 介绍了服务器端原型污染漏洞的扫描工具，讨论了原型污染的根本原因、影响以及对应的利用方法和工具。 – SecTodayBot

• Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin:
https://dlvr.it/T3JHv1

   ・ Automatic-Systems SOC FL9600 FastLine存在的固定登录凭据漏洞(CVE-2023-37608)，并提供了硬编码的超级管理员登录名和密码。 – SecTodayBot

• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub:
https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.html

   ・ 介绍了一种名为Xeno RAT的远程访问特洛伊木马（RAT），它是一个以C#编写的开源工具，可在Windows 10和Windows 11操作系统上运行。该RAT具有多种远程系统管理功能，并通过Discord内容传送网络（CDN）进行传播。 – SecTodayBot

• Leaking ObjRefs to Exploit HTTP .NET Remoting:
https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/

   ・ 揭示了ASP.NET Web应用程序中的.NET Remoting漏洞，可能导致未经身份验证的远程代码执行。 – SecTodayBot

• Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor:
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/

   ・ 揭示了机器学习模型可能对Hugging Face平台用户的环境构成威胁，讨论了如何加载ML模型可能导致代码执行，以及Hugging Face已实施的安全措施。 – SecTodayBot

• Keylogging in the Windows kernel with undocumented data structures:
https://eversinc33.com/posts/kernel-mode-keylogging/

   ・ 通过未记录的数据结构gafAsyncKeyState来实现Windows内核中进行键盘记录。 – SecTodayBot

• Executables Created with perl2exe < V30.10C - Arbitrary Code Execution:
https://dlvr.it/T3JHvP

   ・ 该文章中披露了一个新的漏洞，涉及perl2exe创建的可执行文件，攻击者可以利用该漏洞执行任意代码。 – SecTodayBot

• UAC-0184 Targets Ukrainian Entity in Finland With Remcos RAT:
https://www.darkreading.com/cyberattacks-data-breaches/uac-0184-targets-ukrainian-entity-finland-remcos-rat

   ・ 讨论了使用隐写术传递 Remcos RAT 的网络间谍活动，重点介绍了攻击的技术细节，包括隐写术和新型恶意软件 IDAT Loader 的使用。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab