Tencent Security Xuanwu Lab Daily News

• GitHub - xtekky/TikTok-X-Ladon: TikTok X-Ladon Signature:
https://github.com/xtekky/TikTok-X-Ladon/tree/main

   ・ 介绍了TikTok使用的X-Ladon HTTP签名的加密方法及相关Python脚本 – SecTodayBot

• GitHub - hubert3/iSniff-GPS: Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices:
https://github.com/hubert3/iSniff-GPS

   ・ Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices – SecTodayBot

• GitHub - infosecn1nja/VeilTransfer: VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data exfiltration techniques used by advanced threat actors, allowing organizations to evaluate and improve their security posture.:
https://github.com/infosecn1nja/VeilTransfer

   ・ VeilTransfer是一种数据泄露实用程序，旨在测试和增强检测能力。它支持多种数据外泄方法，包括MEGA、Github、SFTP、WebDAV等，可用于评估和改进安全状况。 – SecTodayBot

• HughesNet HT2000W Satellite Modem Password Reset:
https://packetstormsecurity.com/files/180367

   ・ HughesNet HT2000W卫星调制解调器中的漏洞CVE-2021-20090的利用 – SecTodayBot

• GitHub - ynwarcs/CVE-2024-38063: poc for CVE-2024-38063 (RCE in tcpip.sys):
https://github.com/ynwarcs/CVE-2024-38063

   ・ 介绍了CVE-2024-38063漏洞的技术细节和利用方法，包括了漏洞的根本原因分析和利用的POC – SecTodayBot

• Hackers can take over Ecovacs home robots to spy on their owners:
https://securityaffairs.com/167508/hacking/researchers-hacked-ecovacs-devices.html

   ・ 研究人员在最近的Def Con黑客大会上披露了对Ecovacs吸尘器和割草机机器人的新漏洞信息 – SecTodayBot

• GitHub - runZeroInc/sshamble: SSHamble: Unexpected Exposures in SSH:
https://github.com/runZeroInc/sshamble

   ・ SSHamble是一个用于SSH实现的研究工具，提供了对认证的攻击、会话后的认证攻击、预认证状态转换、认证时序分析和会话后枚举等功能。 – SecTodayBot

• Unveiling Mobile App Vulnerabilities: How Popular Apps Leak Sensitive Data:
https://symantec-enterprise-blogs.security.com/threat-intelligence/mobile-app-data-leak

   ・ 披露了多个知名Android和iOS应用程序存在的数据泄露漏洞 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab