Tencent Security Xuanwu Lab Daily News

• OpenArk: Next Generation of Anti-Rootkit(ARK) tool for Windows:
https://securityonline.info/openark-next-generation-of-anti-rootkitark-tool-for-windows/

   ・ OpenArk是一款针对Windows的下一代反Rootkit(ARK)工具，具有强大的功能和开放源代码特性。 – SecTodayBot

• Modern implant design: position independent malware development:
https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design/

   ・ 讨论了现代位置无关的木马植入物、反射加载器以及作者对编写木马植入物的新方法的研究。 – SecTodayBot

• rasta-mouse/SpawnWith:
https://github.com/rasta-mouse/SpawnWith

   ・ 介绍了一种实验性的Beacon Object File (BOF)，提供了一种新的方法用于测试和执行shellcode。 – SecTodayBot

• CVE-2024-22857: Critical Flaw in Popular Zlog Library Opens Door to Arbitrary Code Execution:
https://securityonline.info/cve-2024-22857-critical-flaw-in-popular-zlog-library-opens-door-to-arbitrary-code-execution/

   ・ Zlog库中的关键漏洞(CVE-2024-22857)可能导致远程执行任意代码 – SecTodayBot

• CVE-2024–23897 - Arbitrary file read in Jenkins:
https://blog.securelayer7.net/arbitrary-file-read-in-jenkins/

   ・ 分析了Jenkins中的一个关键漏洞CVE-2024–23897，详细介绍了漏洞的根本原因 – SecTodayBot

• Presenting Scanme: Deep Dive into Network Scanning with Golang: Building a Port Scanner:
https://cyberroute.github.io/post/2024-02-25-scanme/

   ・ 介绍了使用Golang和gopacket库进行网络扫描的方法 – SecTodayBot

• Detecting Canary Tokens and Suspicious URLs in Microsoft Office, Acrobat Reader PDF and Zip Files:
https://github.com/0xNslabs/CanaryTokenScanner

   ・ 介绍了一种用于检测Microsoft Office文件和Zip档案潜在威胁的Python脚本 – SecTodayBot

• Analyze installed Android applications for security risks in Termux:
https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/

   ・ APKDeepLens是一个用于扫描Android应用程序以识别潜在安全漏洞的Python工具，重点关注OWASP Top 10移动安全漏洞。它在Blackhat MEA 2023上发布。 – SecTodayBot

• Toolchain Necromancy: Past Mistakes Haunting ASLR:
https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr

   ・ 讨论了性能优化对安全性的影响，分析了Linux内核和binutils的变化如何削弱ASLR。 – SecTodayBot

• GHSL-2024-027_GHSL-2024-028: API abuse in codeium-chrome - CVE-2024-28120:
https://securitylab.github.com/advisories/GHSL-2024-027_GHSL-2024-028_codeium-chrome/

   ・ 揭示了codeium-chrome浏览器扩展程序中的漏洞问题 – SecTodayBot

• Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass:
https://dlvr.it/T3vKT4

   ・ 绕过Windows Defender检测的新漏洞信息 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号： 腾讯玄武实验室
https://weibo.com/xuanwulab