Tencent Security Xuanwu Lab Daily News

• KatWalk C2: p.5: overclocking and bugfixing:
https://medium.com/@datacompboy/katwalk-c2-p-5-overclocking-and-bugfixing-0ff1fd853e49

   ・ 介绍了使用Ghidra分析ARM固件的方法 – SecTodayBot

• Shazzer - Shared online fuzzing:
https://shazzer.co.uk/

   ・ 介绍了一种在线模糊测试工具，即共享在线fuzzer – SecTodayBot

• Zygisk-based reFlutter:
https://tinyhack.com/2024/04/09/zygisk-based-reflutter/

   ・ 本文介绍了针对Rooted Android手机开发的Zygisk模块，以及与Magisk一起使用的安全工具。该工具简化了对Flutter应用进行测试和逆向工程的过程 – SecTodayBot

• April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution:
https://cs.co/6018we3gQ

   ・ 微软披露了150个漏洞，其中包括60多个可能导致远程代码执行的漏洞。文章介绍了微软发布了新的Snort规则集，用于检测对其中一些漏洞的利用尝试。  – SecTodayBot

• KDMapper:
https://github.com/TheCruZ/kdmapper

   ・ KDMapper是一个利用iqvw64e.sys Intel驱动程序手动映射非签名驱动程序到内存的工具。 – SecTodayBot

• Sicat - The Useful Exploit Finder:
https://dlvr.it/T5H3b8

   ・ SiCat是一个先进的漏洞搜索工具，旨在有效识别和收集来自开放源和本地存储库的漏洞信息，为了加强系统安全性，SiCat允许用户快速搜索在线资源，找到潜在的漏洞和相关的利用方式。 – SecTodayBot

• Telegram Users Warned of Potential Security Risk:
https://www.bitdegree.org/crypto/news/telegram-users-warned-of-potential-security-risk?utm_source=reddit&utm_medium=social&utm_campaign=reddit-telegram-security

   ・ 电报存在高风险漏洞，可能导致远程代码执行攻击，建议用户关闭媒体文件的自动下载功能。  – SecTodayBot

• reverst: HTTP reverse tunnels over QUIC:
https://github.com/flipt-io/reverst/

   ・ Reverst是一个基于QUIC和HTTP/3构建的负载均衡反向隧道服务器和Go服务-客户端库 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab