每日安全动态推送(4-15)

Tencent Security Xuanwu Lab Daily News

• Re: New Linux LPE via GSMIOC_SETCONF_DLCI?:
https://seclists.org/oss-sec/2024/q2/103

   ・ 针对Linux内核的新漏洞信息和利用方法 – SecTodayBot

• oss-security – Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5:
https://www.openwall.com/lists/oss-security/2024/04/12/10

   ・ 介绍了X.Org X服务器和Xwayland实现中存在的安全漏洞 – SecTodayBot

• PentestGPT solves Jarvis – Part 1:
https://www.youtube.com/watch?v=lAjLIj1JT3c

   ・ 介绍了PentestGPT解决HTB Jarvis题目的过程 – SecTodayBot

• The Worst (But Only) Claude 3 Tokenizer | Javier Rando:
https://javirando.com/blog/2024/claude-tokenizer/

   ・ 介绍了对Claude 3 tokenizer的逆向工程，通过分析生成的流来反向工程tokenizer的过程。 – SecTodayBot

• Objective-See:
https://objective-see.org/blog/blog_0x18.html

   ・ 讨论了与 APT28 相关的新型 Mac 恶意软件，其中包含了关于恶意软件的代码注入特性的详细分析 – SecTodayBot

• Bypassing UAC using App Paths:
https://posts.specterops.io/bypassing-uac-using-app-paths-9249d8cbe9c9

   ・ 介绍了一种绕过Windows中用户账户控制（UAC）的技术，通过利用sdclt.exe程序的自动提权特性，成功实现了UAC的绕过。 – SecTodayBot

• DEF CON 24 – Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game:
https://www.youtube.com/watch?v=tume8JE6seY&feature=youtu.be

   ・ 讨论了如何改善漏洞研究 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号： 腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(4-15)