Tencent Security Xuanwu Lab Daily News
• Exploring the restrictions of Runtime#exec from the JDK source – FreeBuf cybersecurity portal:
https://www.freebuf.com/vuls/350760.html
・ Explains how JDK's Runtime.getRuntime().exec(String) works: it first splits the input string on "\x20\t\n\r\f", then passes the resulting tokens to Process as argv for command execution.
– Atum
• Be Careful with Python’s New-Style String Format:
https://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
・ If an attacker can control a Python format string, it may lead to information disclosure.
– Atum
• [Tools] Introduction to MITRE ATT&CK – Featuring Version 12 (2022):
https://ahead.feedly.com/posts/introduction-to-mitre-attack-featuring-version-12-2022
・ New features in MITRE ATT&CK Version 12
– andreszeng
• [Tools] An End to KASLR Bypasses?:
https://windows-internals.com/an-end-to-kaslr-bypasses/
・ THREATINT_PROCESS_SYSCALL_USAGE: a new ETW event introduced in Windows 23H2 to mitigate vulnerability exploitation
– andreszeng
• [Pentest, Tools] Reverse TCP Sock5 Proxy:
https://github.com/Coldzer0/ReverseSock5Proxy
・ Reverse SOCKS5 proxy tool
– WireFisher
• [Browser] 2358 – Chrome: heap-use-after-free in blink::LocalFrameView::PerformLayout (incomplete fix for CVE-2022-3199) – project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2358
・ Details of the Chrome Blink UAF vulnerability (CVE-2022-3654), found by glazunov of Project Zero; it is a patch bypass caused by the incorrect fix for CVE-2022-3199.
– P4nda
• The obstack struct:
https://tttang.com/archive/1845/
・ An IO_FILE-based exploitation chain for recent glibc versions
– xmzyshypnc
• [Tools] Future features:
https://github.com/CoolerVoid/heap_detective
・ Taint-analysis-based static analysis applied to heap vulnerability detection
– xmzyshypnc
• [Fuzzing, macOS] [Fuzzing with Jackalope] How to install jackalope and fuzz a simple program on MacOS:
https://youtu.be/rXbaHSXiCtg
・ Introduces the basic usage of Jackalope by fuzzing a sample program from Damn Vulnerable C Program
– keenan
• Koxic ransomware spreading in South Korea:
https://paper.seebug.org/2027/
・ Behavioral analysis of the Koxic ransomware
– lanying37
• [Windows] GitHub – abusech/ThreatFox: Open IOC sharing platform:
https://github.com/abusech/ThreatFox
・ ThreatFox: an open-source threat intelligence sharing platform
– andreszeng
• Hacking Smartwatches for Spear Phishing – Cybervelia | Cyber Security:
https://cybervelia.com/?p=1380
・ Attacking smartwatches to make them display custom content
– WireFisher
• [Web, Vulnerability] r/netsec – Exploiting an N-day vBulletin PHP Object Injection Vulnerability:
https://www.reddit.com/r/netsec/comments/z5cql6/exploiting_an_nday_vbulletin_php_object_injection/
・ Exploiting an N-day object injection vulnerability in vBulletin to achieve arbitrary PHP code execution.
– keenan
• [Pentest, Tools] OffSecOps: Using Jenkins For Red Team Tooling:
https://http418infosec.com/offsecops-using-jenkins-for-red-team-tooling/
・ Using Jenkins to automate the building of red team tooling
– ArisXu
• [IoT] When an N-Day turns into a 0day. (Part 1 of 2):
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
・ Patch-based analysis and exploitation of an uninitialized-access vulnerability in TP-Link, finding that other firmware versions are still affected by it.
– P4nda
• [Tools] Kubeeye – Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems:
http://www.kitploit.com/2022/11/kubeeye-tool-to-find-various-problems.html
・ Kubeeye, a Kubernetes vulnerability detection tool that can give remediation suggestions and supports customization.
– keenan
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (11-29)