• MartinIngesen/MSOLSpray: A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.:
https://github.com/MartinIngesen/MSOLSpray
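・ A pure-Python rewrite of the MSOLSpray tool for password spraying against Microsoft Online accounts. Besides finding valid passwords, the tool returns a large amount of information from Azure AD error codes, so it can also serve as a reconnaissance tool for Microsoft Online accounts.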
– SecTodayBot
• Unveiling the Server-Side Prototype Pollution Gadgets Scanner:
https://blog.doyensec.com/2024/02/17/server-side-prototype-pollution-Gadgets-scanner.html
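・ Introduces a scanning tool for server-side prototype pollution vulnerabilities, and discusses the root cause and impact of prototype pollution along with the corresponding exploitation methods and tools.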
– SecTodayBot
• Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin:
https://dlvr.it/T3JHv1
・ A hardcoded login credentials vulnerability in Automatic-Systems SOC FL9600 FastLine (CVE-2023-37608); the write-up provides the hardcoded super admin login and password.
– SecTodayBot
• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub:
https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.html
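・ Introduces Xeno RAT, a remote access trojan (RAT): an open-source tool written in C# that runs on Windows 10 and Windows 11. The RAT has a range of remote system administration features and is distributed via the Discord content delivery network (CDN).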
– SecTodayBot
• Leaking ObjRefs to Exploit HTTP .NET Remoting:
https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/
・ Reveals a .NET Remoting vulnerability in ASP.NET web applications that can lead to unauthenticated remote code execution.
– SecTodayBot
• Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor:
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
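・ Shows that machine learning models can pose a threat to the environments of Hugging Face platform users, and discusses how loading an ML model can lead to code execution and the security measures Hugging Face has implemented.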
– SecTodayBot
• Keylogging in the Windows kernel with undocumented data structures:
https://eversinc33.com/posts/kernel-mode-keylogging/
・ Implements keylogging in the Windows kernel via the undocumented data structure gafAsyncKeyState.
– SecTodayBot
• Executables Created with perl2exe < V30.10C - Arbitrary Code Execution:
https://dlvr.it/T3JHvP
・ The article discloses a new vulnerability involving executables created with perl2exe, which an attacker can exploit to execute arbitrary code.
– SecTodayBot
• UAC-0184 Targets Ukrainian Entity in Finland With Remcos RAT:
https://www.darkreading.com/cyberattacks-data-breaches/uac-0184-targets-ukrainian-entity-finland-remcos-rat
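・ Discusses a cyber-espionage campaign that uses steganography to deliver Remcos RAT, focusing on the technical details of the attack, including the use of steganography and the new malware IDAT Loader.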
– SecTodayBot
* To view or search past pushes, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab