Tencent Security Xuanwu Lab Daily News
• libmagic: The Blathering:
https://blog.trailofbits.com/2022/07/01/libmagic-the-blathering/
・ PolyFile – Trail of Bits 开源的文件格式识别工具,保护对混合、内嵌文件格式的识别
– Jett
• [Android, Malware] Flubot: the evolution of a notorious Android Banking Malware:
https://blog.fox-it.com/2022/06/29/flubot-the-evolution-of-a-notorious-android-banking-malware/
・ Android 银行恶意软件 Flubot 的进化
– Jett
• Let’s talk about Kubernetes on the Internet:
https://raesene.github.io/blog/2022/07/03/lets-talk-about-kubernetes-on-the-internet/
・ 扫描网络上暴露的 Kubernetes clusters
– Jett
• nday exploit: netgear orbi unauthenticated command injection (cve-2020-27861):
https://blog.coffinsec.com//research/2022/07/02/orbi-nday-exploit-cve-2020-27861.html
・ netgear orbi unauth 命令注入漏洞的分析和利用(CVE-2020-27861)
– Jett
• Building a SAST program at Razorpay’s scale | Razorpay Engineering:
https://engineering.razorpay.com/building-a-sast-program-at-razorpays-scale-719887fe0aec
・ 构建一个静态源码安全分析工具(SAST)
– Jett
• Bulk Analysis of Cobalt Strike’s Beacon Configurations:
https://www.archcloudlabs.com/projects/bulk-cs-analysis/
・ 对超过 11 万条 Cobalt Strike Beacon payloads 数据的分析
– Jett
• spiderSilk:
https://spidersilk.com/news/Its-Been-Zero-Days-Since-BIND9-Crashed
・ spiderSilk 团队通过扫描发现,48% 的 BIND9 DNS 服务依然没有修复 CVE-2021-25220 漏洞
– Jett
• [PDF] https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Korkos-AMSI-and-Bypass.pdf:
https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Korkos-AMSI-and-Bypass.pdf
・ Windows AMSI Bypass 技术研究
– Jett
• Revisiting Pegasus on iOS9:
https://shadowfile.inode.link/blog/2022/07/revisiting-pegasus-on-ios9/
・ Revisiting Pegasus on iOS 9,NSO Group 的 Pegasus iOS 利用链的分析
– Jett
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(07-04)
