每日安全动态推送(3-22)
2024-3-22 10:30:23 Author: mp.weixin.qq.com(查看原文) 阅读量:4 收藏

Tencent Security Xuanwu Lab Daily News

• Todesstern:
https://github.com/kleiton0x00/Todesstern

   ・ Todesstern是一个新的模糊测试工具引擎,可以用于发现注入漏洞。 – SecTodayBot

• Canary Infra: Bringing Honeypots towards general adoption:
https://tracebit.com/blog/2024/03/canary-infra-bringing-honeypots-into-general-adoption/

   ・ 引入了一个名为Canary Infra的新方法来解决传统蜜罐存在的一系列问题,为安全团队提供了更加高效的入侵检测方案。 – SecTodayBot

• CVE-2024-1212 Command Injection Exploit for Kemp LoadMaster 🛡️🔓:
https://github.com/Chocapikk/CVE-2024-1212

   ・ 针对Kemp LoadMaster的新漏洞CVE-2024-1212的利用方法,提供了相关的Python脚本作为PoC,并介绍了多线程扫描工具 – SecTodayBot

• MultiDump - Post-Exploitation Tool For Dumping And Extracting LSASS Memory Discreetly:
https://www.kitploit.com/2024/03/multidump-post-exploitation-tool-for.html

   ・ 一款用于在不触发Defender警报的情况下,悄悄地转储和提取LSASS内存的后渗透工具MultiDump – SecTodayBot

• Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE:
https://blog.theori.io/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce-1afccf56721b?source=social.tw

   ・ 细分析了Chrome渲染器中的CVE-2023–3079漏洞 – SecTodayBot

• Streamline your static analysis triage with SARIF Explorer:
https://blog.trailofbits.com/2024/03/20/streamline-the-static-analysis-triage-process-with-sarif-explorer/

   ・ SARIF Explorer是一款新开发的VSCode扩展工具,旨在简化静态分析结果的分类过程,提供直观的用户界面和多项实用功能,有助于提高用户的工作效率。 – SecTodayBot

• Netgear wireless router open to code execution after buffer overflow vulnerability:
https://blog.talosintelligence.com/vulnerability-roundup-march-20-2024/

   ・ 披露了多个与网络和图形产品相关的新漏洞,包括一种可能导致家用网络中流行的Netgear无线路由器发生远程代码执行的漏洞。此外,还有关于NVIDIA GPU图形驱动程序和Google Chrome视频编码器的漏洞信息。 – SecTodayBot

• Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word:
https://blog.talosintelligence.com/exploiting-low-severity-vulnerability-using-a-frame-pointer-overwrite/

   ・ 对JustSystems的Ichitaro Word Processor存在的多个高危漏洞进行的深入分析和利用开发 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号: 腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959570&idx=1&sn=86d2fe98d54d7aefb27949a56d2afa59&chksm=8baed18dbcd9589b829ef2ca3cc3913dc583a7511a563cb72f75d82aefae63d47d30c6aaa3da&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh