Tencent Security Xuanwu Lab Daily News
• Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices – Microsoft Security Blog:
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
・ 微软对 Linux 平台 XorDdos 恶意软件的分析
– Jett
• Pwn2Own Vancouver 2022 – The Results:
https://www.thezdi.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results
・ Pwn2Own 2022 温哥华比赛结束了
– Jett
• [PDF] https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-Gruss-Remote-Memory-Deduplication-Attacks.pdf:
https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-Gruss-Remote-Memory-Deduplication-Attacks.pdf
・ Remote Memory-Deduplication Attacks,来自 BlackHat Asia 会议
– Jett
• How it started:
https://evowizz.dev/blog/huawei-appgallery-vulnerability
・ 华为 AppGallery 应用市场被发现可以免费下载付费 App 的漏洞
– Jett
• [Machine Learning] Learning Machine Learning Part 3: Attacking Black Box Models:
https://posts.specterops.io/learning-machine-learning-part-3-attacking-black-box-models-3efffc256909
・ 机器学习之攻击黑盒模型
– Jett
• Attack Surface Mining For AD CS:
https://tttang.com/archive/1593/
・ AD CS 的攻击面分析
– Jett
• [PDF] https://andreaskogler.com/papers/msrtemplating.pdf:
https://andreaskogler.com/papers/msrtemplating.pdf
・ Finding and Exploiting CPU Features using MSR Templating(Paper),自动化探测 CPU 通过 MSR 寄存器提供的隐藏特性
– Jett
• Exploiting an Unbounded memcpy in Parallels Desktop:
https://blog.ret2.io/2022/05/19/pwn2own-2021-parallels-desktop-exploit/
・ Pwn2Own 2021 Parallels Desktop 虚拟机逃逸漏洞的分析
– Jett
• [PDF] https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf:
https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf
・ Apple 发布了今年的《Apple Platform Security》手册
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(05-20)