每日安全动态推送(4-15)
2024-4-15 11:27:59 Author: mp.weixin.qq.com(查看原文) 阅读量:0 收藏

Tencent Security Xuanwu Lab Daily News

• Re: New Linux LPE via GSMIOC_SETCONF_DLCI?:
https://seclists.org/oss-sec/2024/q2/103

   ・ 针对Linux内核的新漏洞信息和利用方法 – SecTodayBot

• oss-security - Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5:
https://www.openwall.com/lists/oss-security/2024/04/12/10

   ・ 介绍了X.Org X服务器和Xwayland实现中存在的安全漏洞 – SecTodayBot

• PentestGPT solves Jarvis - Part 1:
https://www.youtube.com/watch?v=lAjLIj1JT3c

   ・ 介绍了PentestGPT解决HTB Jarvis题目的过程 – SecTodayBot

• The Worst (But Only) Claude 3 Tokenizer | Javier Rando:
https://javirando.com/blog/2024/claude-tokenizer/

   ・ 介绍了对Claude 3 tokenizer的逆向工程,通过分析生成的流来反向工程tokenizer的过程。 – SecTodayBot

• Objective-See:
https://objective-see.org/blog/blog_0x18.html

   ・ 讨论了与 APT28 相关的新型 Mac 恶意软件,其中包含了关于恶意软件的代码注入特性的详细分析 – SecTodayBot

• Bypassing UAC using App Paths:
https://posts.specterops.io/bypassing-uac-using-app-paths-9249d8cbe9c9

   ・ 介绍了一种绕过Windows中用户账户控制(UAC)的技术,通过利用sdclt.exe程序的自动提权特性,成功实现了UAC的绕过。 – SecTodayBot

• DEF CON 24 - Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game:
https://www.youtube.com/watch?v=tume8JE6seY&feature=youtu.be

   ・ 讨论了如何改善漏洞研究 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号: 腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959600&idx=1&sn=d54119c81dd802fcf5df67989948a9a9&chksm=8baed1afbcd958b9e87f571d4f092f6a9d3db9448ce34133db6052f4de3a78367f4eb7a94505&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh