Tencent Security Xuanwu Lab Daily News

• CVE-2023-29357 – Microsoft SharePoint ValidateTokenIssuer 身份验证绕过漏洞分析:
https://paper.seebug.org/3021/

   ・ Microsoft SharePoint ValidateTokenIssuer 身份验证绕过漏洞分析 – SecTodayBot

• From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats - Check Point Research:
https://research.checkpoint.com/2023/from-hidden-bee-to-rhadamanthys-the-evolution-of-custom-executable-formats/

   ・ 介绍恶意软件所使用的自制可执行程序的结构 – SecTodayBot

• File Binding Methods(RTC0015):
https://redteamrecipe.com/File-Binding-Methods/

   ・ 创建文件绑定方法总结 – lanying37

• How To Hack WhatsApp & Telegram Using SS7 Flaw:
https://gist.github.com/Esauromano/adbb23118b8fdb2a52cd3d283086e25a

   ・ 利用Signalling System 7漏洞可以以任意手机号发送、接受短信，借此可用来攻击WhatsApp、Telegram等应用 – SecTodayBot

• Zenbleed (CVE-2023-20593):
https://www.youtube.com/watch?v=9EY_9KtxyPg

   ・ 影响 AMD Zen2 全系列 CPU 的漏洞 – SecTodayBot

• Phishing with Visual Studio Code:
https://vimeo.com/853281700?share=copy

   ・ 基于VS Code的钓鱼 – SecTodayBot

• What is a "good" Linux Kernel bug?:
https://blog.isosceles.com/what-is-a-good-linux-kernel-bug/

   ・ 对于 Linux 内核来说，什么样的漏洞是”好“漏洞？ – SecTodayBot

• SS7 Attack Simulator based on RestComm's jss7.:
https://github.com/polarking/jss7-attack-simulator

   ・ SS7 攻击模拟器 – SecTodayBot

• Game of Rars--探索 WinRAR 中新的远程代码执行漏洞（CVE-2023-40477）:
https://paper.seebug.org/3019/

   ・ 探索 WinRAR 中新的远程代码执行漏洞 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab