Tencent Security Xuanwu Lab Daily News
• Faking A Positive COVID Test:
https://labs.f-secure.com/blog/faking-a-positive-covid-test/
・ The Ellume COVID-19 home test kit was found to produce results that can be forged
– Jett
• [Tools] Hook Heaps and Live Free:
https://www.cyberark.com/resources/threat-research-blog/hook-heaps-and-live-free
・ A look at the details of Cobalt Strike and IAT hooking, and at bypassing BeaconEye's detection
– Jett
• Knock Knock! Who’s There? – A NSA VM:
https://reverse.put.as/2021/12/17/knock-knock-whos-there/
・ Analysis of the ShadowBrokers dewdrop backdoor tool
– Jett
• Proctorio Chrome extension Universal Cross-Site Scripting · Sector 7:
https://sector7.computest.nl/post/2021-12-proctorio/
・ Analysis of a UXSS vulnerability in the Proctorio extension for the Chrome browser
– Jett
• [Android, Windows] Android Application Testing Using Windows 11 and Windows Subsystem for Android:
https://sensepost.com/blog/2021/android-application-testing-using-windows-11-and-windows-subsystem-for-android/
・ Testing Android apps inside the Windows 11 Subsystem for Android environment
– Jett
• A summary of common tcache exploitation techniques on newer glibc heaps (glibc 2.27-2.32):
https://tttang.com/archive/1362/
・ A summary of common tcache exploitation techniques on newer glibc heaps (glibc 2.27-2.32).
– lanying37
• [Linux] moonwalk:
https://github.com/mufeedvh/moonwalk
・ moonwalk – a tool for wiping logs and other traces during Linux penetration tests
– Jett
• [BugTales] Ouchscreen: Stealing Secrets With A Little Help From Machine Learning:
https://labs.taszk.io/articles/post/ouchscreen/
・ Researchers found that a malicious app could reconstruct a user's touchscreen input by reading the touchscreen event statistics logs on Huawei Android phones. The issue has since been fixed.
– Jett
• [Android] TLS Certificate Security for Android | Guardsquare:
https://www.guardsquare.com/blog/insecure-tls-certificate-checking-in-android-apps
・ TLS Certificate Security for Android
– Jett
• [Malware, Tools] More Undetected PowerShell Dropper:
https://i5c.us/d28158
・ More Undetected PowerShell Dropper.
– lanying37
• APT Conducts Active Campaign Against ManageEngine ServiceDesk Plus:
https://bit.ly/3lDEemc
・ According to analysis by Palo Alto, an APT group used the ManageEngine ServiceDesk Plus IT service management software to compromise 13 organizations in the technology, energy, healthcare and other sectors
– Jett
• [Windows] CVE-2021-43224-POC:
https://github.com/KaLendsi/CVE-2021-43224-POC
・ Windows Common Log File System Driver CVE-2021-43224 PoC
– Jett
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat public account (Tencent Xuanwu Lab): Daily Security News Digest (12-22)