Tencent Security Xuanwu Lab Daily News

• Pentesting with Secure LDAP and LDAP Channel Binding:
https://rootsecdev.medium.com/pentesting-with-secure-ldap-and-ldap-channel-binding-fd5baa0f7345

   ・ 介绍了使用安全LDAP和LDAP通道绑定进行渗透测试的方法 – SecTodayBot

• oss-security - libarchive 3.7.4 released with 2 security fixes:
https://www.openwall.com/lists/oss-security/2024/06/04/2

   ・ libarchive 3.7.4发布了两个安全修复，其中一个是rar过滤器的越界访问漏洞，另一个是zip文件的越界访问漏洞。 – SecTodayBot

• Windows Rootkits Guide:
https://artemonsecurity.blogspot.com/2024/06/windows-rootkits-guide.html?m=1

   ・ 介绍了关于Windows内核和rootkits研究的内容 – SecTodayBot

• Urgent Security Update for Zyxel NAS Devices: Patches Available for Critical Flaws:
https://securityonline.info/urgent-security-update-for-zyxel-nas-devices-patches-available-for-critical-flaws/

   ・ Zyxel NAS设备的紧急安全更新，披露了设备中存在的严重漏洞 – SecTodayBot

• Molding Lies Into Reality || Exploiting CVE-2024-4358:
https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/

   ・ 该文章详细分析了对Telerik Report Server中的反序列化漏洞的利用方法，包括了披露新漏洞信息、根本原因分析、利用漏洞所需的Exploit – SecTodayBot

• One Key Bug in OneKey Mini:
https://offside.io/blog/one-key-bug-in-onekey-mini

   ・ 发现了硬件钱包中的重大安全漏洞，包括Trezor、KeepKey和OneKey等知名硬件钱包制造商的漏洞，突出了硬件钱包存在的潜在风险 – SecTodayBot

• Exploiting Android's Hardened Memory Allocator:
https://www.usenix.org/conference/woot24/presentation/mao

   ・ 对Android的强化内存分配器进行利用 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab