Tencent Security Xuanwu Lab Daily News
• [Tools] [RFC] A DataFlow Analysis Framework:
https://discourse.llvm.org/t/rfc-a-dataflow-analysis-framework/63340
・ [RFC] A DataFlow Analysis Framework
– lanying37
• Git stats:
https://github.com/emredavut/Chrome-Android-and-Windows-0day-RCE-SBX
・ PoC for the Chrome vulnerability (Windows + Android) that a North Korean APT group exploited to compromise security researchers
– Jett
• [Tools] r/netsec – fuzzuli is a fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.:
https://www.reddit.com/r/netsec/comments/viteij/fuzzuli_is_a_fuzzing_tool_that_aims_to_find/
・ fuzzuli – a tool that scans web services for backup files based on a wordlist
– Jett
• [Pentest] GitHub – Ignitetechnologies/MSSQL-Pentest-Cheatsheet:
https://github.com/Ignitetechnologies/MSSQL-Pentest-Cheatsheet
・ MSSQL penetration testing handbook
– Jett
• There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families:
https://unit42.paloaltonetworks.com/api-hammering-malware-families/
・ Zloader malware uses API Hammering to implement sleep and to detect the presence of a sandbox environment
– Jett
• [Tools] GitHub – optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs:
https://github.com/optiv/Mangle
・ Mangle – modifies strings and other characteristics of PE and DLL files to evade EDR detection
– Jett
• GitHub – trganda/CVE-2022-22980: Poc of CVE-2022-22980:
https://github.com/trganda/CVE-2022-22980
・ PoC for CVE-2022-22980, a SpEL expression injection vulnerability in VMware Spring Data MongoDB
– Jett
• Develop Your Own Rat:
https://docs.google.com/presentation/d/1UZmFo_TvSS2TvPJKlDjIW1kTVjYGGaYO86Buh2UgbaI/mobilepresent?slide=id.g11cdb36f978_1_129
・ EDR & AV Defence: remote-access RAT development and EDR defense
– Jett
• Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bounty:
https://hencohen10.medium.com/microsoft-dynamics-container-sandbox-rce-via-unauthenticated-docker-remote-api-20-000-bounty-7f726340a93b
・ Microsoft Dynamics Container Sandbox RCE achieved through exposure caused by a misconfigured Docker Remote API
– Jett
• Finding Running RPC Server Information with NtObjectManager:
https://www.tiraniddo.dev/2022/06/finding-running-rpc-server-information.html
・ Using NtObjectManager to discover information about running RPC servers
– Jett
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab, 腾讯玄武实验室): Daily Security News Push (06-27)