每日安全动态推送(5-11)

Tencent Security Xuanwu Lab Daily News

• Demo Series: zShield | Plus a Deep Dive on Implementing zShield in Android Apps:
https://bit.ly/40GJojk

   ・ zShield，用于应用程序强化和代码模糊处理的混淆解决方案 – SecTodayBot

• Th3inspector Tool 🕵️:
https://github.com/Moham3dRiahi/Th3inspector

   ・ Th3inspector，目标信息收集工具 – SecTodayBot

• Backdooring Electron Applications:
https://text.tchncs.de/ioi/backdooring-electron-applications

   ・ 针对Electron应用的利用后攻击，涉及DLL劫持，远程调试协议、Beemka等相关知识。 – WireFish

• New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks:
https://thehackernews.com/2023/05/new-ransomware-strain-cactus-exploits.html

   ・ 一种名为 CACTUS 的新勒索软件变种被发现利用 VPN 设备中的已知缺陷来获得对目标网络的初始访问权限。CACTUS 攻击还利用 Cobalt Strike 和 Chisel 隧道工具进行命令和控制，并使用 AnyDesk 等管理软件将文件推送到受感染的主机 – SecTodayBot

• Description:
https://github.com/Kudaes/CustomEntryPoint

   ・ 可修改 Rust 编写的 dll 入口点的工具，以混淆代码的字符串文字，可用作自定义 dll 入口点 – SecTodayBot

• hades: Go shellcode loader:
https://securityonline.info/hades-go-shellcode-loader/

   ・ Hades 是一个 PoC 加载器，它结合了多种规避技术，旨在绕过现代 AV/EDR 常用的防御机制 – SecTodayBot

• Re: Linux kernel io_uring out-of-bounds access to physical memory:
https://seclists.org/oss-sec/2023/q2/135

   ・ Linux 内核 io_uring 越界访问物理内存，本地权限提升漏洞 – SecTodayBot

• CVE-2023-31039: Apache bRPC Remote Code Execution Vulnerability:
https://securityonline.info/cve-2023-31039-apache-brpc-remote-code-execution-vulnerability/

   ・ Apache bRPC 远程代码执行漏洞，该模块是使用 C++ 语言编写的 Apache RPC 框架 – SecTodayBot

• www.mandiant.com:
https://www.mandiant.com/resources/blog/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware

   ・ 通过 PDB 路径等信息来获取恶意软件编译时的蛛丝马迹 – WireFish

• CVE-2023-2253: distribution/distribution: Catalog API endpoint can lead to OOM via malicious user input:
https://seclists.org/oss-sec/2023/q2/134

   ・ distribution 软件的 catalog API 可能通过恶意用户输入导致 OOM – SecTodayBot

• FYI: Intel BootGuard OEM private keys leak from MSI cyber heist:
https://go.theregister.com/feed/www.theregister.com/2023/05/09/intel_oem_private_keys_leaked/

   ・ Intel BootGuard OEM 私钥从针对 MSI 的网络攻击中被泄露 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(5-11)