Tencent Security Xuanwu Lab Daily News

• AzurEnum:
https://github.com/SySS-Research/azurenum

   ・ 用于枚举Azure AD信息的新工具 – SecTodayBot

• DynamicMSBuilder:
https://github.com/ZephrFish/DynamicMSBuilder

   ・ DynamicVars项目，其中包含一个自定义的MSBuild任务，用于对.NET项目的AssemblyInfo.cs文件进行更新，从而对C#二进制文件进行混淆。它是一个动态的MSBuild任务，用于帮助对C#二进制文件进行轻微混淆，以躲避每次编译时的静态签名。 – SecTodayBot

• Exploiting a bug in the Linux kernel with Zig:
https://richiejp.com/linux-kernel-exploit-tls_context-uaf

   ・ 披露了一个新的Linux内核漏洞CVE-2023-0461 – SecTodayBot

• Analyse, hunt and classify malware using .NET metadata:
https://bartblaze.blogspot.com/2024/03/analyse-hunt-and-classify-malware-using.html

   ・ 开发用于检测恶意软件的Yara规则和了解.NET程序集 – SecTodayBot

• Using the Yara rule::
https://github.com/bartblaze/DotNet-MetaData

   ・ 使用Yara规则和Python脚本来分析和分类恶意软件 – SecTodayBot

• New remote control backdoor leveraging malicious drivers emerges in China:
https://www.broadcom.com/support/security-center/protection-bulletin/new-remote-control-backdoor-leveraging-malicious-drivers-emerges-in-china

   ・ 介绍了一种新的远程控制后门 – SecTodayBot

• Weak Fiat-Shamir Attacks on Modern Proof Systems:
https://eprint.iacr.org/2023/691

   ・ 介绍了对现代证明系统中弱Fiat-Shamir攻击的研究。研究填补了对现代证明系统中错误应用Fiat-Shamir转换的风险的知识空白，并发现了36个影响12种不同证明系统的弱F-S实现。研究人员对其中四种系统进行了新型知识完备性攻击，并展示了弱F-S漏洞可能导致私人区块链协议中无限货币创造的情况。 – SecTodayBot

• Identify and Investigate Uncommon DNS Traffic:
https://feedpress.me/link/23532/16630933/identify-and-investigate-uncommon-dns-traffic

   ・ 介绍了如何使用Cisco Umbrella APIs来编程过滤不常见的DNS请求，通过比较Umbrella的Top 1-Million Domains列表来确定不常见的流量，并使用Umbrella Investigate进一步调查这些不常见的域名。 – SecTodayBot

• Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others:
https://thehackernews.com/2024/03/hackers-hijack-github-accounts-in.html

   ・ 介绍了一场复杂的攻击活动，涉及到GitHub账户和PyPI存储库的软件供应链攻击，详细分析了攻击者使用的多种攻击手段和对恶意代码的隐藏，展示了对开源软件包生态系统的滥用，并揭示了恶意软件的多阶段感染过程。 – SecTodayBot

• Security Advisory: Remote Command Execution in Cisco Access Point WAP Products:
https://onekey.com/blog/security-advisory-remote-command-execution-in-cisco-access-point-wap-products/

   ・ 介绍了针对Cisco WAP371固件版本1.3.0.7的漏洞披露和分析，涵盖了格式字符串漏洞和命令注入漏洞 – SecTodayBot

• Identifying Malicious Bytes in Malware:
https://gatari.dev/posts/identifying-malicious-bytes-in-malware/

   ・ 介绍了一种新的绕过静态检测和识别恶意字节的方法，通过分析已知的恶意字节序列并用良性字节替换，以逃避安全产品的检测。 – SecTodayBot

• Hacking the Giant: How I Discovered Google’s Vulnerability and Hall of Fame Recognition:
https://medium.com/@hncaga/hacking-the-giant-how-i-discovered-googles-vulnerability-and-hall-of-fame-recognition-694a9c18684a

   ・ 讲述了作者在Google子域中发现XSS漏洞的过程，介绍了漏洞的挖掘方法，并展示了作者在Google名人堂中的认可。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号： 腾讯玄武实验室
https://weibo.com/xuanwulab