Tencent Security Xuanwu Lab Daily News
• [Attack] Dark Web Profile: MuddyWater APT Group – SOCRadar:
https://socradar.io/dark-web-profile-muddywater-apt-group/
・ An overview of the MuddyWater APT group
– crazyman
• [Tools] PowerMeUp: powershell scripts for post exploitation:
https://securityonline.info/powermeup-powershell-scripts-for-post-exploitation/
・ PowerShell post-exploitation scripts
– WireFish
• [Tools] GitHub – airbus-cert/vbSparkle: VBScript & VBA source-to-source deobfuscator with partial-evaluation:
https://github.com/airbus-cert/vbSparkle
・ vbSparkle: a tool for deobfuscating VBScript and VBA macros
– crazyman
• [Tools] PyTorch Machine Learning Framework Compromised with Malicious Dependency:
https://thehackernews.com/2023/01/pytorch-machine-learning-framework.html
・ PyTorch was hit by a dependency-confusion supply-chain attack; remove any packages installed in the 2022/12/25 to 12/30 window and re-download the latest version
– ThomasonZhao
• Patch diff an old vulnerability in Synology NAS:
https://paper.seebug.org/2038/
・ Uses BinDiff to analyze and reproduce a critical stack overflow in Synology NAS, then exploits it with stack pivoting + ROP to achieve RCE
– xmzyshypnc
• Hackvent 2022 – Hard:
https://0xdf.gitlab.io/hackvent2022/hard
・ Writeups for Hackvent 2022 days 15-21, mainly signal analysis, forensics, crypto and pwn challenges
– crazyman
• EGREGIOUS MAGE — N-Day RCE Exploit for ZDI-17-836 (CVE-2017-12561):
https://primalcerebral.com/blog/egregious-mage-nday-rce-exploit-zdi-17-836.php
・ N-Day RCE Exploit for ZDI-17-836 (CVE-2017-12561): a fairly detailed analysis and exploitation of CVE-2017-12561, good for learning
– crazyman
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security Digest (1-5)