每日安全动态推送(12-22)

Tencent Security Xuanwu Lab Daily News

• Faking A Positive COVID Test:
https://labs.f-secure.com/blog/faking-a-positive-covid-test/

   ・ Ellume 生产的 COVID-19 家用检测试剂盒被发现结果可以伪造 – Jett

• [Tools] Hook Heaps and Live Free:
https://www.cyberark.com/resources/threat-research-blog/hook-heaps-and-live-free

   ・ 研究 Cobalt Strike 以及 IAT Hooking 的细节，绕过 BeaconEye 的检测 – Jett

• Knock Knock! Who’s There? – A NSA VM:
https://reverse.put.as/2021/12/17/knock-knock-whos-there/

   ・ ShadowBrokers dewdrop 后门工具的分析 – Jett

• Proctorio Chrome extension Universal Cross-Site Scripting · Sector 7:
https://sector7.computest.nl/post/2021-12-proctorio/

   ・ Chrome 浏览器 Proctorio 扩展 UXSS 漏洞分析 – Jett

• [Android, Windows] Android Application Testing Using Windows 11 and Windows Subsystem for Android:
https://sensepost.com/blog/2021/android-application-testing-using-windows-11-and-windows-subsystem-for-android/

   ・ 在 Windows 11 Subsystem for Android 子系统环境中测试 Android App – Jett

• 高版本堆tcache 一般利用手法总结(glibc2.27-2.32):
https://tttang.com/archive/1362/

   ・ 高版本堆tcache 一般利用手法总结(glibc2.27-2.32). – lanying37

• [Linux] moonwalk:
https://github.com/mufeedvh/moonwalk

   ・ moonwalk – Linux 环境渗透抹掉日志等痕迹的工具 – Jett

• [BugTales] Ouchscreen: Stealing Secrets With A Little Help From Machine Learning:
https://labs.taszk.io/articles/post/ouchscreen/

   ・ 有研究员研究发现，恶意 App 可以通过访问华为 Android 手机的触屏事件统计日志还原用户的触屏输入。目前该问题已被修复。 – Jett

• [Android] TLS Certificate Security for Android | Guardsquare:
https://www.guardsquare.com/blog/insecure-tls-certificate-checking-in-android-apps

   ・ TLS Certificate Security for Android – Jett

• [Malware, Tools] More Undetected PowerShell Dropper:
https://i5c.us/d28158

   ・ More Undetected PowerShell Dropper. – lanying37

• APT Conducts Active Campaign Against ManageEngine ServiceDesk Plus:
https://bit.ly/3lDEemc

   ・ 据 Palo Alto 公司分析，APT 组织利用 ManageEngine ServiceDesk Plus IT 服务管理软件渗透 13 家技术、能源、健康等行业的机构 – Jett

• [Windows] CVE-2021-43224-POC:
https://github.com/KaLendsi/CVE-2021-43224-POC

   ・ Windows Common Log File System Driver CVE-2021-43224 PoC – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(12-22)