Tencent Security Xuanwu Lab Daily News
• Dastardly From BurpSuite: Lightweight Web App Security Scanner:
https://cybersecuritynews.com/dastardly-web-app-security-scanner/
・ 扫描 Web 应用程序的部署状态并检测易受 DAST 攻击的 Web 应用程序的工具
– SecTodayBot
• Sharing is Not Caring: Hunting for Network Share Discovery:
https://www.splunk.com/en_us/blog/security/sharing-is-not-caring-hunting-for-file-share-discovery.html
・ Windows Active Directory 中网络共享技术的检测
– SecTodayBot
• Microsoft Keys:
https://blog.dshr.org/2023/09/microsoft-keys.html
・ Web Pki 安全的致命弱点:使用本地根存储作为中间人代理来过滤 SSL/TLS 加密的流量过滤代理
– SecTodayBot
• Executable and Linkable Format 101 Part 4: Dynamic Linking:
https://intezer.com/blog/malware-analysis/executable-linkable-format-101-part-4-dynamic-linking/
・ 可执行文件及链接文件格式介绍
– SecTodayBot
• JVNVU#93886750 Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL:
https://jvn.jp/en/vu/JVNVU93886750/
・ Phoenix Technologies 公司开发的Windows内核驱动存在对IOCTL的访问控制不足的漏洞,可能导致固件被擦除或更改
– SecTodayBot
• Latest Jailbreak News: Access to /var ACHIEVED with the KFD exploit on iOS 15.0 – 16.5:
https://idevicecentral.com/jailbreak-news/sandbox-escape-var-access-achieved-kfd-ios-16/
・ KFD 是有史以来发布的第一个针对 iOS 16 的内核漏洞
– SecTodayBot
• Just for fun: What happens when you shift a register by more than the register size?:
https://devblogs.microsoft.com/oldnewthing/20230904-00/?p=108704
・ 处理器寄存器大小行为的研究
– SecTodayBot
• 利用新的 IDAT Loader 执行信息窃取程序分析:
https://paper.seebug.org/3027/
・ 恶意软件利用新的 IDAT Loader 加载执行
– SecTodayBot
• ARM64 Reversing And Exploitation Part 7 – Bypassing ASLR And NX:
https://8ksec.io/arm64-reversing-and-exploitation-part-7-bypassing-aslr-and-nx/
・ ARM64 逆向和利用第 7 部分 – 通过基于堆溢出漏洞绕过 ASLR 和 NX
– SecTodayBot
• Fault Injection Reference Model (FIRM):
https://raelize.com/blog/raelize-fi-reference-model/
・ 一种用于理解故障注入物理原理的工具,一种绕过安全启动和在 Linux 上升级权限的技术,可以用于实现代码执行、提升权限或提取加密密钥
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(9-8)
