每日安全动态推送(11-29)

Tencent Security Xuanwu Lab Daily News

• 从JDK源码中探究Runtime#exec的限制 – FreeBuf网络安全行业门户:

https://www.freebuf.com/vuls/350760.html

   ・ 详解JDK的Runtime.getRuntime().exec(String)的原理：会先将输入字符串以”x20tnrf”进行split，之后再作为Process的argv进行命令执行。 – Atum

• Be Careful with Python’s New-Style String Format:
https://lucumr.pocoo.org/2016/12/29/careful-with-str-format/

   ・ Python的格式化字符串如果攻击者可控的话，可能会导致信息泄漏。 – Atum

• [Tools] Introduction to MITRE ATT&CK – Featuring Version 12 (2022):
https://ahead.feedly.com/posts/introduction-to-mitre-attack-featuring-version-12-2022

   ・ MITRE ATT&CK Version 12 新特性 – andreszeng

• [Tools] An End to KASLR Bypasses?:
https://windows-internals.com/an-end-to-kaslr-bypasses/

   ・ THREATINT_PROCESS_SYSCALL_USAGE：Windows 23H2 引入新的 ETW Event 缓解漏洞利用 – andreszeng

• [Pentest, Tools] Reverse TCP Sock5 Proxy:
https://github.com/Coldzer0/ReverseSock5Proxy

   ・ Sock5 反向代理工具 – WireFisher

• [Browser] 2358 – Chrome: heap-use-after-free in blink::LocalFrameView::PerformLayout (incomplete fix for CVE-2022-3199) – project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2358

   ・ Chrome浏览器Blink组件UAF漏洞（CVE-2022-3654）细节，由project-zero的glazunov发现，是由于CVE-2022-3199漏洞错误修复导致的补丁绕过。 – P4nda

• obstack结构体:
https://tttang.com/archive/1845/

   ・ 基于IO_FILE的高版本glibc利用链 – xmzyshypnc

• [Tools] Future features:
https://github.com/CoolerVoid/heap_detective

   ・ 基于污点分析的静态分析被应用于堆漏洞检测 – xmzyshypnc

• [Fuzzing, macOS] [Fuzzing with Jackalope] How to install jackalope and fuzz a simple program on MacOS:
https://youtu.be/rXbaHSXiCtg

   ・ 介绍了Jackalope的基本使用方法，对Damn Vulnerable C Program中的示例程序进行模糊测试  – keenan

• Koxic 勒索软件在韩国传播:
https://paper.seebug.org/2027/

   ・ Koxic 勒索软件的相关行为分析 – lanying37

• [Windows] GitHub – abusech/ThreatFox: Open IOC sharing platform:
https://github.com/abusech/ThreatFox

   ・ ThreatFox：开源威胁情报共享平台 – andreszeng

• Hacking Smartwatches for Spear Phishing – Cybervelia | Cyber Security:
https://cybervelia.com/?p=1380

   ・ 攻击智能手表以使其显示自定义内容 – WireFisher

• [Web, Vulnerability] r/netsec – Exploiting an N-day vBulletin PHP Object Injection Vulnerability:
https://www.reddit.com/r/netsec/comments/z5cql6/exploiting_an_nday_vbulletin_php_object_injection/

   ・ 利用vBulletin的一个N-day对象注入漏洞实现任意PHP代码执行。 – keenan

• [Pentest, Tools] OffSecOps: Using Jenkins For Red Team Tooling:
https://http418infosec.com/offsecops-using-jenkins-for-red-team-tooling/

   ・ 用Jenkins来自动化构建红队工具 – ArisXu

• [IoT] When an N-Day turns into a 0day. (Part 1 of 2):
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md

   ・ 基于patch对TP-Link一处未初始化访问漏洞的分析和利用，并发现仍存在其他受此漏洞影响的固件版本。 – P4nda

• [Tools] Kubeeye – Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems:
http://www.kitploit.com/2022/11/kubeeye-tool-to-find-various-problems.html

   ・ Kubeeye，一款Kubernetes漏洞检测工具，能够给出修复建议，支持客制化。 – keenan

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(11-29)