• Stories from the SoC Part 1: IDAT Loader to BruteRatel:
https://blog.rapid7.com/2024/03/28/stories-from-the-soc-part-1-idat-loader-to-bruteratel/
・ A technical analysis of the newly discovered malware loader IDAT Loader, covering its sandbox evasion, anti-analysis techniques, and the decryption of its downloaded payload data.
– SecTodayBot
• A fake telnet server compatible with Mirai - Mirai will detect this Telnet server as a vulnerable target and report it to the scan listener.:
https://gist.github.com/nezza/34b89eb664355515b86f69dd2ea0a7ec
・ Describes how to build a fake Telnet server compatible with Mirai, offering a new approach to fuzzing the botnet.
– SecTodayBot
• Intel PowerGadget 3.6 Local Privilege Escalation:
https://seclists.org/fulldisclosure/2024/Mar/43
・ Describes a local privilege escalation vulnerability in Intel PowerGadget. Recommends using the WixQuietExec() method to invoke sc.exe so as to prevent GUI interaction and escape.
– SecTodayBot
• PCIe Part 2 - All About Memory: MMIO, DMA, TLPs, and more!:
https://ctf.re/kernel/pcie/tutorial/dma/mmio/tlp/2024/03/26/pcie-part-2/
・ Discusses data transfer methods in PCIe, focusing on the two forms of high-speed I/O: memory-mapped I/O (MMIO) and direct memory access (DMA).
– SecTodayBot
• Roadmap - rev.ng:
https://rev.ng/roadmap#feature-857
・ Presents the development roadmap and technical direction of a key security technology, the decompiler.
– SecTodayBot
• From ChatBot To SpyBot: ChatGPT Post Exploitation:
https://www.imperva.com/blog/from-chatbot-to-spybot-chatgpt-post-exploitation/
・ Discusses the security risks that may come with integrating AI into daily life, focusing on vulnerabilities and risks in OpenAI's ChatGPT. The article analyzes the root cause of an XSS vulnerability in detail and includes a PoC for exploiting it.
– SecTodayBot
• From JavaScript to AsyncRAT:
https://isc.sans.edu/diary/rss/30788
・ Discusses JavaScript obfuscation techniques.
– SecTodayBot
• Eavesdropping on keyboard keystrokes:
https://www.kaspersky.com/blog/acoustic-side-channel-attack/50857/?reseller=sea_regular-sm_acq_ona_smm__onl_b2b_fbo_lnk_sm-team______&utm_source=twitter&utm_medium=social&utm_campaign=apac_JEEK_je0066&utm_content=link&utm_term=apac_twitter_organic_wfl7efrfype664z
・ In research on recovering keystrokes from sound recordings, scientists identified a potential information leakage risk, in particular a new method that uses neural networks to predict entire words.
– SecTodayBot
• New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs:
https://thehackernews.com/2024/03/new-zenhammer-attack-bypasses-rowhammer.html
・ Cybersecurity researchers at ETH Zurich in Switzerland have developed a new variant of the RowHammer DRAM attack, the first to successfully target AMD Zen 2 and Zen 3 systems.
– SecTodayBot
• Structure-Aware linux kernel Fuzzing with libFuzzer:
https://r00tkitsmm.github.io/fuzzing/2024/03/27/libffuzzerkernel.html
・ Describes fuzzing experiments using new methods and tools such as libFuzzer and libprotobuf-mutator.
– SecTodayBot
• MySQL2: Dangers of User-Defined Database Connections:
https://blog.slonser.info/posts/mysql2-attacker-configuration/
・ Analyzes the remote code execution (RCE) vulnerability introduced by user-defined database connections in the MySQL2 library.
– SecTodayBot
* To view or search past posts, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab