Tencent Security Xuanwu Lab Daily News
• GitHub - xtekky/TikTok-X-Ladon: TikTok X-Ladon Signature:
https://github.com/xtekky/TikTok-X-Ladon/tree/main
・ Describes the encryption method behind the X-Ladon HTTP signature used by TikTok, along with related Python scripts
– SecTodayBot
• GitHub - hubert3/iSniff-GPS: Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices:
https://github.com/hubert3/iSniff-GPS
・ Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
– SecTodayBot
• GitHub - infosecn1nja/VeilTransfer: VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data exfiltration techniques used by advanced threat actors, allowing organizations to evaluate and improve their security posture.:
https://github.com/infosecn1nja/VeilTransfer
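・ VeilTransfer is a data exfiltration utility designed to test and enhance detection capabilities. It supports multiple data exfiltration methods, including MEGA, Github, SFTP, WebDAV and others, and can be used to evaluate and improve security posture.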
– SecTodayBot
• HughesNet HT2000W Satellite Modem Password Reset:
https://packetstormsecurity.com/files/180367
・ Exploitation of the vulnerability CVE-2021-20090 in the HughesNet HT2000W satellite modem
– SecTodayBot
• GitHub - ynwarcs/CVE-2024-38063: poc for CVE-2024-38063 (RCE in tcpip.sys):
https://github.com/ynwarcs/CVE-2024-38063
・ Covers the technical details and exploitation method of the CVE-2024-38063 vulnerability, including a root cause analysis and an exploitation PoC
– SecTodayBot
• Hackers can take over Ecovacs home robots to spy on their owners:
https://securityaffairs.com/167508/hacking/researchers-hacked-ecovacs-devices.html
・ Researchers disclosed new vulnerability information on Ecovacs vacuum and lawn mower robots at the recent Def Con hacking conference
– SecTodayBot
• GitHub - runZeroInc/sshamble: SSHamble: Unexpected Exposures in SSH:
https://github.com/runZeroInc/sshamble
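・ SSHamble is a research tool for SSH implementations, providing attacks on authentication, post-session authentication attacks, pre-authentication state transitions, authentication timing analysis, and post-session enumeration.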
– SecTodayBot
• Unveiling Mobile App Vulnerabilities: How Popular Apps Leak Sensitive Data:
https://symantec-enterprise-blogs.security.com/threat-intelligence/mobile-app-data-leak
・ Discloses data leak vulnerabilities in several well-known Android and iOS applications
– SecTodayBot
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: 腾讯玄武实验室 (Tencent Xuanwu Lab)
https://weibo.com/xuanwulab