Daily Security News Push (3-27)
2024-3-27 12:2:32 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• AzurEnum:
https://github.com/SySS-Research/azurenum

   ・ A new tool for enumerating Azure AD information – SecTodayBot

• DynamicMSBuilder:
https://github.com/ZephrFish/DynamicMSBuilder

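   ・ The DynamicVars project, which contains a custom MSBuild task that updates a .NET project's AssemblyInfo.cs file in order to obfuscate C# binaries. It is a dynamic MSBuild task that helps lightly obfuscate C# binaries so that they evade static signatures on each compilation. – SecTodayBot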

• Exploiting a bug in the Linux kernel with Zig:
https://richiejp.com/linux-kernel-exploit-tls_context-uaf

   ・ Discloses a new Linux kernel vulnerability, CVE-2023-0461 – SecTodayBot

• Analyse, hunt and classify malware using .NET metadata:
https://bartblaze.blogspot.com/2024/03/analyse-hunt-and-classify-malware-using.html

   ・ Developing Yara rules for detecting malware and understanding .NET assemblies – SecTodayBot

• Using the Yara rule:
https://github.com/bartblaze/DotNet-MetaData

   ・ Using Yara rules and a Python script to analyse and classify malware – SecTodayBot

• New remote control backdoor leveraging malicious drivers emerges in China:
https://www.broadcom.com/support/security-center/protection-bulletin/new-remote-control-backdoor-leveraging-malicious-drivers-emerges-in-china

   ・ Describes a new remote control backdoor – SecTodayBot

• Weak Fiat-Shamir Attacks on Modern Proof Systems:
https://eprint.iacr.org/2023/691

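   ・ Presents research on weak Fiat-Shamir attacks against modern proof systems. The study fills a knowledge gap about the risks of misapplying the Fiat-Shamir transformation in modern proof systems, and finds 36 weak F-S implementations affecting 12 different proof systems. The researchers carry out novel knowledge soundness attacks against four of these systems and show how a weak F-S vulnerability can lead to unlimited currency creation in a private blockchain protocol. – SecTodayBot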

• Identify and Investigate Uncommon DNS Traffic:
https://feedpress.me/link/23532/16630933/identify-and-investigate-uncommon-dns-traffic

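   ・ Describes how to use the Cisco Umbrella APIs to programmatically filter uncommon DNS requests, identifying uncommon traffic by comparison against Umbrella's Top 1-Million Domains list, and then using Umbrella Investigate to look further into those uncommon domains. – SecTodayBot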

• Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others:
https://thehackernews.com/2024/03/hackers-hijack-github-accounts-in.html

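   ・ Describes a sophisticated attack campaign involving a software supply chain attack on GitHub accounts and the PyPI repository. It analyses in detail the multiple techniques the attackers used and how the malicious code was hidden, shows the abuse of the open-source package ecosystem, and reveals the malware's multi-stage infection process. – SecTodayBot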

• Security Advisory: Remote Command Execution in Cisco Access Point WAP Products:
https://onekey.com/blog/security-advisory-remote-command-execution-in-cisco-access-point-wap-products/

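   ・ Presents the disclosure and analysis of vulnerabilities in Cisco WAP371 firmware version 1.3.0.7, covering a format string vulnerability and a command injection vulnerability – SecTodayBot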

• Identifying Malicious Bytes in Malware:
https://gatari.dev/posts/identifying-malicious-bytes-in-malware/

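   ・ Describes a new method for bypassing static detection and identifying malicious bytes, which analyses known malicious byte sequences and replaces them with benign bytes in order to evade detection by security products. – SecTodayBot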

• Hacking the Giant: How I Discovered Google’s Vulnerability and Hall of Fame Recognition:
https://medium.com/@hncaga/hacking-the-giant-how-i-discovered-googles-vulnerability-and-hall-of-fame-recognition-694a9c18684a

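   ・ Recounts how the author discovered an XSS vulnerability in a Google subdomain, describes the method used to find the vulnerability, and shows the author's recognition in the Google Hall of Fame. – SecTodayBot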

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959576&idx=1&sn=6833bac00ddf755f5f9ad5e5270f78d7&chksm=8baed187bcd95891ef41baedd0844d39e88789ee3a8736e8480d2164d4734327288dc2a1b7c0&scene=58&subscene=0#rd