Tencent Security Xuanwu Lab Daily News

• Windows Kernel Rootkit in Rust (shadow-rs) 🦀:
https://github.com/joaoviictorti/shadow-rs

   ・ 使用Rust语言在Windows内核中开发rootkit的项目 – SecTodayBot

• SyzBridge:
https://github.com/seclab-ucr/SyzBridge

   ・ SyzBridge项目是一个研究项目，旨在为Linux内核漏洞的利用性评估提供新工具。该项目提供了丰富的接口，能够在上游和下游发行版之间弥合利用性评估的差距，同时还提供了与其他基于Syzbot的工具SyzScope的集成。 – SecTodayBot

• Create your own custom implant:
https://www.ribbiting-sec.info/posts/2024-07-31_implant/

   ・ 创建自定义植入物以避免被EDR检测 – SecTodayBot

• Teaching the Old .NET Remoting New Exploitation Tricks:
https://github.com/codewhitesec/NewRemotingTricks

   ・ 探讨了.NET Remoting的利用技术，揭示了新的漏洞利用技巧和限制 – SecTodayBot

• One for all and all for WHAD: wireless shenanigans made easy !:
https://defcon.org/html/defcon-32/dc-32-speakers.html

   ・ 对goTenna Pro无线电和Diebold Nixdorf’s Vynamic Security Suite存在的漏洞进行的安全研究 – SecTodayBot

• Fuzzy matching with Ghidra BSim, a guide:
https://www.pentestpartners.com/security-blog/fuzzy-matching-with-ghidra-bsim-a-guide/

   ・ Ghidra的新内置插件BSim是一款逆向固件和其他剥离二进制文件的重要工具，提供了模糊匹配功能，可在已知库中快速识别和注释函数，并与未知内容进行匹配。 – SecTodayBot

• From Limited file read to full access on Jenkins (CVE-2024-23897):
https://xphantom.nl/posts/crypto-attack-jenkins/

   ・ Jenkins服务器中的关键漏洞CVE-2024-23897进行深入分析和利用的技术细节。 – SecTodayBot

• Windows AppLocker Driver LPE Vulnerability - CVE-2024-21338 - Crowdfense:
https://www.crowdfense.com/windows-applocker-driver-lpe-vulnerability-cve-2024-21338/

   ・ Windows AppLocker驱动程序的特权提升漏洞CVE-2024-21338及其利用方式。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab