Tencent Security Xuanwu Lab Daily News

• TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks:
https://thehackernews.com/2024/05/tp-link-gaming-router-vulnerability.html

   ・ 披露了TP-Link Archer C5400X游戏路由器中的一个新漏洞，该漏洞可能导致远程代码执行，而且文章对漏洞的根本原因进行了详细分析。 – SecTodayBot

• Static Unpacking for the Widespread NSIS-based Malicious Packer Family - Check Point Research:
https://research.checkpoint.com/2024/static-unpacking-for-the-widespread-nsis-based-malicious-packer-family/

   ・ 讨论了如何自动解包由NSIS基础包装程序保护的恶意样本 – SecTodayBot

• Keylogging in the Windows Kernel with undocumented data structures:
https://eversinc33.com/posts/kernel-mode-keylogging.html

   ・ 讨论了利用 rootkit 进行攻击性操作以及实现内核模式键盘记录的技术。 – SecTodayBot

• Non-Production Endpoints as an Attack Surface in AWS:
https://securitylabs.datadoghq.com/articles/non-production-endpoints-as-an-attack-surface-in-aws/

   ・ 披露了关于AWS CloudTrail绕过的新型漏洞，指出了通过非生产端点和API操作来绕过CloudTrail的具体方法，并展示了如何发现大规模非生产端点的新技术。 – SecTodayBot

• A journey into forgotten Null Session and MS-RPC interfaces:
https://kas.pr/g37v

   ・ 深入探讨了空会话漏洞和MS-RPC接口 – SecTodayBot

• Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique:
https://thehackernews.com/2024/05/researchers-warn-of-catddos-botnet-and.html

   ・ 介绍了CatDDoS恶意软件僵尸网络利用80多个已知安全漏洞渗透易受攻击的设备，并披露了一种名为DNSBomb的新的拒绝服务攻击技术。 – SecTodayBot

• ManageEngine ADAudit - Reverse engineering Windows RPC to find CVEs - part 1 / RPC:
https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part1/

   ・ 讨论了ADAudit Plus产品中的新漏洞发现及详细的漏洞分析，重点介绍了在Windows环境中的RPC和开发自定义客户端的细节。 – SecTodayBot

• Everyday Ghidra: Symbols — Automatic Symbol Acquisition with Ghidra — Part 2:
https://medium.com/@clearbluejar/everyday-ghidra-symbols-automatic-symbol-acquisition-with-ghidra-part-2-bf9033a35b39

   ・ 介绍了如何配置Ghidra以自动从公共符号服务器下载符号 – SecTodayBot

• DEFCON 2017: Transcript – Hacking the Cloud:
https://adsecurity.org/?p=4434

   ・ 讨论了如何在渗透测试和红队环境中识别云服务的新方法，内容涉及到DEFCON 2017会议上的讨论 – SecTodayBot

• Diving deep into Jetbrains TeamCity Part 1 - Analysing CVE-2024-23917 leading to Authentication Bypass:
https://blog.0daylabs.com/2024/05/27/jetbrains-teamcity-auth-bypass/

   ・ 重点介绍了CVE-2024-23917漏洞的详细分析，涉及了Jetbrains TeamCity软件的漏洞利用过程 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号： 腾讯玄武实验室
https://weibo.com/xuanwulab