每日安全动态推送(8-28)

Tencent Security Xuanwu Lab Daily News

• GitHub - xtekky/TikTok-X-Ladon: TikTok X-Ladon Signature:

・介绍了TikTok使用的X-Ladon HTTP签名的加密方法及相关Python脚本 –

• GitHub - hubert3/iSniff-GPS: Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices:

・ Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices –

• GitHub - infosecn1nja/VeilTransfer: VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data exfiltration techniques used by advanced threat actors, allowing organizations to evaluate and improve their security posture.:

・ VeilTransfer是一种数据泄露实用程序，旨在测试和增强检测能力。它支持多种数据外泄方法，包括MEGA、Github、SFTP、WebDAV等，可用于评估和改进安全状况。 –

• HughesNet HT2000W Satellite Modem Password Reset:

・ HughesNet HT2000W卫星调制解调器中的漏洞CVE-2021-20090的利用 –

• GitHub - ynwarcs/CVE-2024-38063: poc for CVE-2024-38063 (RCE in tcpip.sys):

・介绍了CVE-2024-38063漏洞的技术细节和利用方法，包括了漏洞的根本原因分析和利用的POC –

• Hackers can take over Ecovacs home robots to spy on their owners:

・研究人员在最近的Def Con黑客大会上披露了对Ecovacs吸尘器和割草机机器人的新漏洞信息 –

• GitHub - runZeroInc/sshamble: SSHamble: Unexpected Exposures in SSH:

・ SSHamble是一个用于SSH实现的研究工具，提供了对认证的攻击、会话后的认证攻击、预认证状态转换、认证时序分析和会话后枚举等功能。 –

• Unveiling Mobile App Vulnerabilities: How Popular Apps Leak Sensitive Data:

・披露了多个知名Android和iOS应用程序存在的数据泄露漏洞 –

* 查看或搜索历史推送内容请访问：