Daily Security News Push (8-6)
2024-8-6 17:11:13 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Windows Kernel Rootkit in Rust (shadow-rs) 🦀:
https://github.com/joaoviictorti/shadow-rs

   ・ A project for developing a rootkit in the Windows kernel using Rust – SecTodayBot

• SyzBridge:
https://github.com/seclab-ucr/SyzBridge

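   ・ SyzBridge is a research project that aims to provide new tooling for exploitability assessment of Linux kernel vulnerabilities. It offers a rich set of interfaces that bridge the gap in exploitability assessment between upstream and downstream distributions, and also integrates with SyzScope, another Syzbot-based tool. – SecTodayBot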

• Create your own custom implant:
https://www.ribbiting-sec.info/posts/2024-07-31_implant/

   ・ Creating a custom implant to avoid detection by EDR – SecTodayBot

• Teaching the Old .NET Remoting New Exploitation Tricks:
https://github.com/codewhitesec/NewRemotingTricks

   ・ Explores exploitation techniques for .NET Remoting, revealing new exploitation tricks and limitations – SecTodayBot

• One for all and all for WHAD: wireless shenanigans made easy !:
https://defcon.org/html/defcon-32/dc-32-speakers.html

   ・ Security research on vulnerabilities in goTenna Pro radios and Diebold Nixdorf’s Vynamic Security Suite – SecTodayBot

• Fuzzy matching with Ghidra BSim, a guide:
https://www.pentestpartners.com/security-blog/fuzzy-matching-with-ghidra-bsim-a-guide/

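   ・ BSim, a new built-in Ghidra plugin, is an important tool for reversing firmware and other stripped binaries; it provides fuzzy matching that can quickly identify and annotate functions from known libraries and match them against unknown content. – SecTodayBot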

• From Limited file read to full access on Jenkins (CVE-2024-23897):
https://xphantom.nl/posts/crypto-attack-jenkins/

   ・ Technical details of an in-depth analysis and exploitation of the critical vulnerability CVE-2024-23897 in Jenkins servers. – SecTodayBot

• Windows AppLocker Driver LPE Vulnerability - CVE-2024-21338 - Crowdfense:
https://www.crowdfense.com/windows-applocker-driver-lpe-vulnerability-cve-2024-21338/

   ・ The privilege escalation vulnerability CVE-2024-21338 in the Windows AppLocker driver and how it is exploited. – SecTodayBot

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959751&idx=1&sn=5b2d474762da741980405f3c43b36f85&chksm=8baed158bcd9584efb2538c18581607f0cb6e2fb037e29d59e2c011523d5d985a59eb5fb79e2&scene=58&subscene=0#rd