Tencent Security Xuanwu Lab Daily News
• [Tools] What does your code use, and is it vulnerable? It-depends!:
https://blog.trailofbits.com/2021/12/16/it-depends/
・ it-depends – a tool that automatically analyzes the dependencies of open-source code repos, supporting language package tools such as cargo, npm, pip, go, and CMake
– Jett
• A Detailed Explanation of How the Apache Shiro Deserialization Vulnerability Works:
http://blog.topsec.com.cn/apache-shiro-%e5%8f%8d%e5%ba%8f%e5%88%97%e5%8c%96%e6%bc%8f%e6%b4%9e%e5%8e%9f%e7%90%86%e8%af%a6%e8%a7%a3/
・ A detailed explanation of how the Apache Shiro deserialization vulnerability works
– Jett
• Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions – Check Point Research:
https://research.checkpoint.com/2021/phorpiex-botnet-is-back-with-a-new-twizt-hijacking-hundreds-of-crypto-transactions/
・ The Phorpiex botnet, which had disappeared for years, has resurfaced
– Jett
• [Android] 2227 – Android: apps have VM_MAYWRITE access to shared zygote JIT mapping – project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2227
・ 2227 – Android: apps have VM_MAYWRITE access to shared zygote JIT mapping
– Jett
• [Android] Prevent Reverse Engineering (RE) of your Android application:
https://www.securing.pl/en/prevent-reverse-engineering-re-of-your-android-application/
・ Countermeasures against reverse engineering of Android apps
– Jett
• [Fuzzing, Tools] README.md:
https://github.com/CodeIntelligenceTesting/jazzer
・ Jazzer – a libFuzzer-based tool for fuzzing the JVM
– Jett
• RunAsS4U v1.0:
https://github.com/diversenok/NtTools/releases/tag/v1.0-RunAsS4U
・ RunAsS4U – a tool for executing code as another user without a password (Windows)
– Jett
• Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE:
https://www.thezdi.com/blog/2021/12/15/exploitation-of-cve-2021-21220-from-incorrect-jit-behavior-to-rce
・ Achieving RCE at Pwn2Own 2021 by exploiting a v8 JIT issue
– Jett
• From Zero to One: A Deep Dive into the log4j2 Jndi RCE Vulnerability CVE-2021-44228:
http://blog.topsec.com.cn/%e4%bb%8e%e9%9b%b6%e5%88%b0%e4%b8%80%e5%b8%a6%e4%bd%a0%e6%b7%b1%e5%85%a5-log4j2-jndi-rce-cve-2021-44228%e6%bc%8f%e6%b4%9e/
・ From zero to one: a deep dive into the log4j2 Jndi RCE vulnerability CVE-2021-44228
– Jett
• [iOS] Pegasus vs. Predator Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware:
https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
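・ CitizenLab published a spyware attack analysis report stating that an Egyptian's phone was infected with two spyware products at the same time, NSO Pegasus and Cytrox Predator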
– Jett
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (12-17)