Tencent Security Xuanwu Lab Daily News

• Callander, A Sandboxing Tool That Knows Exactly What Syscalls to Allow:
https://rpetrich.com/blog/posts/announcing-callander/

   ・ Callander是一个新的用于sandboxing x86-64和ARM64 Linux程序的工具，它通过分析目标程序的执行路径来建立系统调用列表，从而实现更精确和有效的系统调用sandboxing – SecTodayBot

• Blue Galaxy Energy: a new White-box Cryptanalysis Open Source Tool:
http://blog.quarkslab.com/blue-galaxy-energy-a-new-white-box-cryptanalysis-open-source-tool.html

   ・ 一种新的用于AES白盒实现的密码分析工具，Blue Galaxy Energy，它是基于BGE攻击的开源实现。 – SecTodayBot

• oss-security - New SMTP smuggling attack:
https://www.openwall.com/lists/oss-security/2023/12/21/6

   ・ 披露了一种新的 SMTP 走私攻击漏洞，详细分析了这一漏洞的根本原因和潜在影响。 – SecTodayBot

• Weaponizing DHCP DNS Spoofing — A Hands-On Guide:
https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide

   ・ 针对使用Microsoft Dynamic Host Configuration Protocol (DHCP)服务器的Active Directory域的攻击，可以伪造DNS记录。 – SecTodayBot

• PoolParty: A set of fully-undetectable process injection techniques:
https://securityonline.info/poolparty-a-set-of-fully-undetectable-process-injection-techniques/

   ・ 介绍了一套全面不可检测的进程注入技术，利用Windows线程池，该技术在Black Hat EU 2023 Briefings上进行了演示。文章介绍了PoolParty工具的使用方法以及默认的shellcode，展示了其对Windows操作系统的利用。  – SecTodayBot

• Kerberos OPSEC: Offense & Detection Strategies for Red and Blue Team – Part 1 : Kerberoasting:
https://www.intrinsec.com/kerberos_opsec_part_1_kerberoasting/?cn-reloaded=1

   ・ 本文介绍了Kerberoasting攻击以及相关的检测策略，重点分析了使用弱密码可能存在的潜在漏洞，同时介绍了Rubeus工具用于查询具有SPN的帐户和获取KRB_TGS_REP的用法。  – SecTodayBot

• Huffman table hacking tool:
https://github.com/caoweiquan322/NotEnough

   ・ 针对libwebp库的漏洞利用工具，通过构建不完整的树来触发内存溢出漏洞，对核心的网络安全技术进行了详细分析，并提供了利用漏洞的演示和步骤。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab