每日安全动态推送(3-23)

渗透技巧 1年前 (2023) admin

232 0 0

Tencent Security Xuanwu Lab Daily News

• [Tools] Find Threats in Event Logs with Hayabusa:
https://blog.ecapuano.com/p/find-threats-in-event-logs-with-hayabusa

・ Hayabusa 是由日本大和安全集团创建的 Windows 事件日志快速取证时间线生成器和威胁搜寻工具。它是用 Rust 编写的，支持多线程以尽可能快。输出将合并到单个 CSV 时间线中，以便在 Excel、Timeline Explorer、Elastic Stack 等中轻松分析 – SecTodayBot

• [Android, Tools] APKHunt: comprehensive static code analysis tool for Android apps:
https://securityonline.info/apkhunt-comprehensive-static-code-analysis-tool-for-android-apps/

・ APKHunt 是一款基于 OWASP MASVS 框架的 Android 应用综合静态代码分析工具。可供移动应用程序开发人员和安全测试人员使用，以确保测试结果的完整性和一致性 – SecTodayBot

• Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution:
https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/

・ Netgear Orbi Satellite RBS750，远程代码执行漏洞 TAOS-2022-1595 (CVE-2022-36429) – SecTodayBot

• [Tools] Invoke-PSObfuscation – An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You’Re On Windows Or Kali Linux:
http://www.kitploit.com/2023/03/invoke-psobfuscation-in-depth-approach.html

・一种深入混淆 PowerShell 负载的各个组件的方法，无论您是在 Windows 还是 Kali Linux 上 – SecTodayBot

• [Windows] Windows Installer EOP (CVE-2023-21800):
https://blog.doyensec.com//2023/03/21/windows-installer.html

・ MSI 安装程序本地权限提升 – SecTodayBot

• Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images:
https://securityaffairs.com/143748/hacking/google-pixel-acropalypse-flaw.html

・ Google Pixel 标记工具中的 Acropalypse 缺陷允许部分恢复编辑或编辑的屏幕截图和图像。 – SecTodayBot

• [Vulnerability] CVE-2023-28115: RCE vulnerability affects the popular PHP library, Snappy:
https://securityonline.info/cve-2023-28115-rce-vulnerability-affects-the-popular-php-library-snappy/

・ Snappy库中的 file_exists()函数存在反序列化漏洞，评分9.8 – keenan

• Pwn2Own Vancouver 2023 – The Full Schedule:
https://www.thezdi.com/blog/2023/3/21/pwn2own-vancouver-schedule-2023

・ Pwn2Own 温哥华 2023 – 完整时间表 – SecTodayBot

• Rapid7 Observed Exploitation of Adobe ColdFusion:
https://blog.rapid7.com/2023/03/21/etr-rapid7-observed-exploitation-of-adobe-coldfusion/

・ Rapid7 观察到在多个客户环境中利用 Adobe ColdFusion – SecTodayBot

• Multiple vulnerabilities in Jenkins plugins:
https://seclists.org/oss-sec/2023/q1/184