每日安全动态推送(1-3)
2024-1-3 09:56:18 Author: mp.weixin.qq.com(查看原文) 阅读量:7 收藏

Tencent Security Xuanwu Lab Daily News

• Schedule 37th Chaos Communication Congress:
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/12142.html

   ・ 揭示了火车控制系统的安全漏洞,并详细分析了漏洞的根本原因 – SecTodayBot

• Automating RTFM with ChatGPT: A Security Researcher’s Guide to Vulnerability Discovery with the Help of LLMs – nullg0re InfoSec:
https://nullg0re.com/2023/12/automating-rtfm-with-chatgpt-a-security-researchers-guide-to-vulnerability-discovery-with-the-help-of-llms/

   ・ 通过阅读Microsoft远程桌面协议文档来识别漏洞,并展示了一种用于漏洞发现和分析的新工具。 – SecTodayBot

• There’s One Last Gift Under the Tree, It’s Hands-On IoT!:
https://blog.rapid7.com/2023/12/27/theres-one-last-gift-under-the-tree-its-hands-on-iot/

   ・ Rapid7发布了一篇有关在DefCon大会上攻破物联网摄像头的实践性文章。文章详细分析了通过UART对IP摄像头进行入侵的过程 – SecTodayBot

• UEFI bootkits: malware loaded before the system:
https://www.kaspersky.com/blog/logofail-uefi-vulnerabilities/50160/?reseller=gb_kdaily-blog_acq_ona_smm__all_b2c_some_sma_sm-team______&utm_source=twitter&utm_medium=social&utm_campaign=gl_kdaily-blog_ag0241&utm_content=sm-post&utm_term=gl_twitter_organic_241sctpamz3ofat

   ・ 介绍了UEFI固件中的漏洞LogoFAIL攻击,通过替换厂商标志的图像来执行任意代码 – SecTodayBot

• New Tools & Resources:
https://buff.ly/48qdPyA

   ・ 介绍了一系列新的网络安全工具,包括CodeQL、Tealer和ZKDocs,以及与人工智能驱动的安全系统、加密算法漏洞和模糊测试工具相关的内容。 – SecTodayBot

• Operation Triangulation: The last (hardware) mystery:
https://kas.pr/t3s6

   ・ 一种针对iPhone的复杂攻击链,并披露了新的漏洞和利用方式,包括针对Adobe、Apple、Google和Microsoft产品的零日漏洞。文章详细分析了Operation Triangulation攻击的根本原因,包括利用各种漏洞的过程,并提供了关于攻击所使用的利用技术和漏洞的详细信息。 – SecTodayBot

• Lecture: Fuzz Everything, Everywhere, All at Once | Thursday | Schedule 37th Chaos Communication Congress:
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/12102.html

   ・ 本文介绍了基于 QEMU 的高级模糊测试技术,展示了 AFLplusplus 项目的维护者使用 QEMU 探索难以进行二进制目标的新方法。 – SecTodayBot

• Lecture: Fuzzing the TCP/IP stack | Friday | Schedule 37th Chaos Communication Congress:
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/12235.html

   ・ 介绍了在网络安全领域中关于TCP/IP堆栈模糊测试的新方法和工具 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959482&idx=1&sn=c36efbb839c9fef0a9ebcb19b476bea3&chksm=8baed025bcd9593356f213b2fd182246de9fd0634c4fab852c4b68519a9c817e45cc657eeb17&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh