Tencent Security Xuanwu Lab Daily News

• Todesstern:
https://github.com/kleiton0x00/Todesstern

   ・ Todesstern是一个新的模糊测试工具引擎，可以用于发现注入漏洞。 – SecTodayBot

• Canary Infra: Bringing Honeypots towards general adoption:
https://tracebit.com/blog/2024/03/canary-infra-bringing-honeypots-into-general-adoption/

   ・ 引入了一个名为Canary Infra的新方法来解决传统蜜罐存在的一系列问题，为安全团队提供了更加高效的入侵检测方案。 – SecTodayBot

• CVE-2024-1212 Command Injection Exploit for Kemp LoadMaster 🛡️🔓:
https://github.com/Chocapikk/CVE-2024-1212

   ・ 针对Kemp LoadMaster的新漏洞CVE-2024-1212的利用方法，提供了相关的Python脚本作为PoC，并介绍了多线程扫描工具 – SecTodayBot

• MultiDump - Post-Exploitation Tool For Dumping And Extracting LSASS Memory Discreetly:
https://www.kitploit.com/2024/03/multidump-post-exploitation-tool-for.html

   ・ 一款用于在不触发Defender警报的情况下，悄悄地转储和提取LSASS内存的后渗透工具MultiDump – SecTodayBot

• Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE:
https://blog.theori.io/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce-1afccf56721b?source=social.tw

   ・ 细分析了Chrome渲染器中的CVE-2023–3079漏洞 – SecTodayBot

• Streamline your static analysis triage with SARIF Explorer:
https://blog.trailofbits.com/2024/03/20/streamline-the-static-analysis-triage-process-with-sarif-explorer/

   ・ SARIF Explorer是一款新开发的VSCode扩展工具，旨在简化静态分析结果的分类过程，提供直观的用户界面和多项实用功能，有助于提高用户的工作效率。 – SecTodayBot

• Netgear wireless router open to code execution after buffer overflow vulnerability:
https://blog.talosintelligence.com/vulnerability-roundup-march-20-2024/

   ・ 披露了多个与网络和图形产品相关的新漏洞，包括一种可能导致家用网络中流行的Netgear无线路由器发生远程代码执行的漏洞。此外，还有关于NVIDIA GPU图形驱动程序和Google Chrome视频编码器的漏洞信息。 – SecTodayBot

• Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word:
https://blog.talosintelligence.com/exploiting-low-severity-vulnerability-using-a-frame-pointer-overwrite/

   ・ 对JustSystems的Ichitaro Word Processor存在的多个高危漏洞进行的深入分析和利用开发 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号： 腾讯玄武实验室
https://weibo.com/xuanwulab