Tencent Security Xuanwu Lab Daily News

• Use Wasm to Bypass Latest Chrome v8sbx Again:
https://medium.com/@numencyberlabs/use-wasm-to-bypass-latest-chrome-v8sbx-again-639c4c05b157

   ・ 介绍了使用Wasm绕过最新Chrome v8sbx的方法，通过对PartitionAlloc进行研究，实现了任意读写操作 – SecTodayBot

• From Akamai to F5 to NTLM... with love.:
https://blog.malicious.group/from-akamai-to-f5-to-ntlm/

   ・ 展示如何滥用Akamai及F5来窃取他们客户的授权和会话令牌等内部数据 – SecTodayBot

• Elastic catches DPRK passing out KANDYKORN — Elastic Security Labs:
https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn?ultron=esl:_threat_research%2Bdata_breach_updates&blade=twitter&hulk=social&utm_content=11686905080&linkId=245208259

   ・ 弹性安全实验室揭示了朝鲜试图通过新型macOS恶意软件感染区块链工程师的行为。 – SecTodayBot

• Add Exploit For CVE-2023-46747 (F5 TMUI AJP Smuggling RCE) by zeroSteiner · Pull Request #18497 · rapid7/metasploit-framework:
https://buff.ly/3shIKNX

   ・ 此模块利用了F5 BIG-IP Traffic Management User Interface（TMUI）中的一个漏洞，使得外部未经身份验证的攻击者可以创建管理员用户，并使用新账户执行命令负载。 – SecTodayBot

• Evading Logging in the Cloud Bypassing AWS CloudTrail:
https://youtube.com/watch?v=OraWbzAn5A8

   ・ 学习如何绕过AWS CloudTrail，避免在云端留下痕迹，保护你的隐私和安全。 – SecTodayBot

• Multiple Layers of Anti-Sandboxing Techniques - SANS Internet Storm Center:
https://i5c.us/d30362

   ・ 这篇文章介绍了一个包含许多反沙箱技术的恶意Python脚本，它能检测调试器、物理内存、键盘输入和鼠标移动等环境特征，只有当所有检测结果为负时才会执行恶意操作。 – SecTodayBot

• PatchaPalooza:
https://github.com/xaitax/PatchaPalooza

   ・ PatchaPalooza是一款全面的工具，提供对Microsoft每月安全更新的深入分析。 – SecTodayBot

• Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners:
https://www.usenix.org/conference/raid2020/presentation/valenza

   ・ 研究发现，扫描器也存在漏洞，攻击者可能成为反击的受害者。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab