Daily Security News Push (03-21)

Penetration Techniques, 2 years ago (2022), admin
Tencent Security Xuanwu Lab Daily News


• Features:
https://github.com/xepor/xepor

   ・ Xepor – a web routing framework, a tool that uses a Flask API to hijack and tamper with HTTP requests – Jett


• [Windows] Bypassing UAC in the most Complex Way Possible!:
https://www.tiraniddo.dev/2022/03/bypassing-uac-in-most-complex-way.html

   ・ Abusing Kerberos to Bypass UAC – Jett


• [Fuzzing, Tools] README.md:
https://github.com/Rog3rSm1th/Frelatage

   ・ Frelatage – a Coverage-based Python Fuzzing Library, Fuzz Python Applications – Jett


• AirDrop process of ApeCoin cryptocurrency found vulnerable, led to theft of millions of dollars in NFTs:
https://research.checkpoint.com/2022/airdrop-process-of-apecoin-cryptocurrency-found-vulnerable-led-to-theft-of-millions-of-dollars-in-nfts/

   ・ AirDrop process of ApeCoin cryptocurrency found vulnerable, led to theft of millions of dollars in NFTs – Jett


• cri-o: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter:
https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7

   ・ CRI-O publishes a security advisory fixing the recently disclosed root code execution vulnerability – Jett


• [IoT] Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet:
https://threatpost.com/sandworm-asus-routers-cyclops-blink-botnet/178986/

   ・ Sandworm APT attacks ASUS routers – Jett


• Parent PID Spoofing (Mitre:T1134):
https://www.hackingarticles.in/parent-pid-spoofing-mitret1134/

   ・ Detection and analysis of parent PID spoofing. – lanying37


• [Tools] Detecting Headless Chrome: Spotlight on Puppeteer-Extra-Plugin-Stealth:
https://datadome.co/bot-detection/detecting-headless-chrome-puppeteer-extra-plugin-stealth/?utm_source=reddit

   ・ The detection and anti-detection contest around Headless Chrome crawlers – Jett


• Bypassing CDN WAF’s with Alternate Domain Routing:
https://blog.ryanjarv.sh/2022/03/16/bypassing-wafs-with-alternate-domain-routing.html

   ・ Using the CDN as a proxy to bypass the CDN WAF and reach the target site – Jett


• [iOS] Airdrop: Symbolic Link Following:
https://breakpoint.sh/posts/airdrop-symbolic-link-following

   ・ Airdrop: Symbolic Link Following – Jett


• [Fuzzing, Tools] FitM, the Fuzzer in the Middle:
https://github.com/FGSect/FitM

   ・ FitM – a tool that acts as a man in the middle and uses snapshot fuzzing to fuzz the client and the server – Jett


• Exploring exploitation methods for JNDI vulnerabilities under newer JDK versions: Chapter 2:
https://tttang.com/archive/1489/

   ・ Exploring exploitation methods for JNDI vulnerabilities under newer JDK versions: Chapter 2. – lanying37


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (03-21)

Copyright notice: posted by admin on March 21, 2022 at 12:09 PM.
When reposting, please credit: Daily Security News Push (03-21) | CTF导航
