Tencent Security Xuanwu Lab Daily News
• Zero Day Initiative — CVE-2022-26937: Microsoft Windows Network File System NLM Portmap Stack Buffer Overflow:
https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
・ Windows 网络文件系统 NLM Portmap 栈溢出漏洞分析(CVE-2022-26937)
– Jett
• Router security in 2021:
https://securelist.com/router-security-2021/106711/
・ 卡巴斯基对 2021 年路由器安全现状的分析报告
– Jett
• uprobe HOOK:
https://github.com/ehids/ecapture
・ eCapture – 基于 eBPF 技术实现 TLS 加密的明文捕获
– Jett
• Extracting Clear-Text Credentials Directly From Chromium’s Memory:
https://www.cyberark.com/resources/threat-research-blog/extracting-clear-text-credentials-directly-from-chromium-s-memory
・ 在 Chromium 浏览器的内存 Dump 中提取输入的明文密码
– Jett
• Detecting DNS Tunneling using Spark Structured Streaming | by Salil Jain | Jun, 2022 | InfoSec Write-ups:
https://infosecwriteups.com/detecting-dns-tunneling-using-spark-structured-streaming-c7e2b6af0349
・ Detecting DNS Tunneling using Spark Structured Streaming
– Jett
• [Tools] GitHub – quarkslab/tpmee:
https://github.com/quarkslab/tpmee
・ TPMEavesEmu – 通过模拟的方法辅助测试 TPM 实现安全的工具
– Jett
• SpringBoot Actuator之 logging.config grovvy rce分析及内存马注入:
https://tttang.com/archive/1620/
・ SpringBoot Actuator之 logging.config grovvy rce分析及内存马注入
– lanying37
• Kernel Recipes 2022:
https://youtu.be/v–rVT4RsCE?t=17119
・ Kernel Recipes 2022线上会议演讲视频
– lanying37
• Using Windows Event Log IDs for Threat Hunting – FourCore:
https://fourcore.io/blogs/threat-hunting-with-windows-event-log-sigma-rules
・ 基于 Windows 内置 Event Log 的威胁检测
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(06-09)
