Tencent Security Xuanwu Lab Daily News
• Features:
https://github.com/xepor/xepor
・ Xepor – a web routing framework; a tool for hijacking and tampering with HTTP requests using a Flask API
– Jett
• [Windows] Bypassing UAC in the most Complex Way Possible!:
https://www.tiraniddo.dev/2022/03/bypassing-uac-in-most-complex-way.html
・ Abusing Kerberos to Bypass UAC
– Jett
• [Fuzzing, Tools] README.md:
https://github.com/Rog3rSm1th/Frelatage
・ Frelatage – a coverage-based Python fuzzing library for fuzzing Python applications
– Jett
• AirDrop process of ApeCoin cryptocurrency found vulnerable, led to theft of millions of dollars in NFTs:
https://research.checkpoint.com/2022/airdrop-process-of-apecoin-cryptocurrency-found-vulnerable-led-to-theft-of-millions-of-dollars-in-nfts/
・ AirDrop process of ApeCoin cryptocurrency found vulnerable, led to theft of millions of dollars in NFTs
– Jett
• cri-o: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter:
https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7
・ CRI-O publishes a security advisory fixing the recently disclosed root code execution vulnerability
– Jett
• [IoT] Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet:
https://threatpost.com/sandworm-asus-routers-cyclops-blink-botnet/178986/
・ Sandworm APT attacks ASUS routers
– Jett
• Parent PID Spoofing (Mitre:T1134):
https://www.hackingarticles.in/parent-pid-spoofing-mitret1134/
・ Detecting and analyzing parent PID spoofing.
– lanying37
• [Tools] Detecting Headless Chrome: Spotlight on Puppeteer-Extra-Plugin-Stealth:
https://datadome.co/bot-detection/detecting-headless-chrome-puppeteer-extra-plugin-stealth/?utm_source=reddit
・ The contest between detection and anti-detection of Headless Chrome crawlers
– Jett
• Bypassing CDN WAF’s with Alternate Domain Routing:
https://blog.ryanjarv.sh/2022/03/16/bypassing-wafs-with-alternate-domain-routing.html
・ Using the CDN as a proxy to bypass the CDN WAF and reach the target site
– Jett
• [iOS] Airdrop: Symbolic Link Following:
https://breakpoint.sh/posts/airdrop-symbolic-link-following
・ Airdrop: Symbolic Link Following
– Jett
• [Fuzzing, Tools] FitM, the Fuzzer in the Middle:
https://github.com/FGSect/FitM
・ FitM – a tool that acts as a man in the middle and uses snapshot fuzzing to fuzz both client and server
– Jett
• Exploring Exploitation Methods for JNDI Vulnerabilities on Newer JDK Versions: Chapter 2:
https://tttang.com/archive/1489/
・ Exploring exploitation methods for JNDI vulnerabilities on newer JDK versions: Chapter 2.
– lanying37
* To view or search past digest content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (03-21)