Tencent Security Xuanwu Lab Daily News
• The Kerberos Key List Attack: The return of the Read Only Domain Controllers:
https://www.secureauth.com/blog/the-kerberos-key-list-attack-the-return-of-the-read-only-domain-controllers/
・ The Kerberos Key List Attack: The return of the Read Only Domain Controllers
– Jett
• The Newest Malicious Actor: “Squirrelwaffle” Malicious Doc.:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-newest-malicious-actor-squirrelwaffle-malicious-doc/
・ McAfee researchers discovered the new “Squirrelwaffle” malicious document threat and analyzed it.
– lanying37
• Notes on a failed attempt at mining a Log4j gadget chain:
https://tttang.com/archive/1314/
・ A write-up of a failed attempt at finding a Log4j gadget chain.
– lanying37
• All about bug bounty:
https://github.com/daffainfo/AllAboutBugBounty
・ All about bug bounty
– Jett
• GitHub – r0eXpeR/redteam_vul: a collection of vulnerabilities in key systems commonly encountered in red team operations:
https://github.com/r0eXpeR/redteam_vul
・ A collection of vulnerabilities in key systems that are frequently targeted during red team engagements
– Jett
• [PDF] Lost in the Loader (Black Hat EU 2021 slides):
https://i.blackhat.com/EU-21/Wednesday/EU-21-Nisi-Lost-In-The-Loader.pdf
・ Lost in the Loader – an analysis of how the Windows loader handles the PE file format differently across environments
– Jett
• [Malware] [PDF] Lazarus RAT analysis report (LIFARS):
https://lifars.com/wp-content/uploads/2021/09/Lazarus.pdf
・ Analysis report on FALLCHILL, a remote access trojan used by Lazarus
– Jett
• [macOS] Analyzing a watering hole campaign using macOS exploits:
https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
・ Google TAG found attackers exploiting a macOS XNU kernel privilege-escalation vulnerability in a watering hole campaign
– Jett
• [Fuzzing] ClusterFuzzLite: Continuous fuzzing for all:
http://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html
・ Google open-sourced ClusterFuzzLite, a fuzzing framework that brings fuzzing into CI workflows
– Jett
• [Tools, Windows] Evading EDR Detection with Reentrancy Abuse | Deep Instinct:
https://www.deepinstinct.com/blog/evading-antivirus-detection-with-inline-hooks
・ Evading detection by abusing how EDR products' API hooks handle function reentrancy
– Jett
• [Fuzzing, Tools] Fuzzing Image Parsing in Windows, Part Three: RAW and HEIF:
https://www.mandiant.com/resources/fuzzing-image-parsing-three
・ Third installment of Mandiant's series on fuzzing Windows image parsers, covering the RAW and HEIF formats
– Jett
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (11-12)