Daily Security Digest (12-5)

Penetration Techniques 1 year ago (2022) admin

• [Malware] ₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware:
https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware/

   ・ Volexity disclosed that the Lazarus APT group used two approaches against cryptocurrency-industry targets. The first sets up phishing sites that distribute installer packages carrying the AppleJeus trojan; the installer drops a DLL side-loaded ("white plus black") malicious payload and creates a scheduled task. The AppleJeus implant collects information, uploads it to the cloud, and waits for further instructions. The second uses Microsoft Office macros (the macro decodes a blob from an OLE object and downloads the second-stage payload from OpenDriver); the subsequent logic is essentially the same as the first. – crazyman


• APT_REPORT/APT-hunting/hunting-cobaltstrike-beacons-in-the-dark.pdf:
https://github.com/blackorbird/APT_REPORT/blob/master/APT-hunting/hunting-cobaltstrike-beacons-in-the-dark.pdf

   ・ BlackBerry published a white paper on hunting beacons, discussing it from multiple angles: website characteristics, traffic, file structure, hard-coded values, and more – crazyman


• [Vulnerability] How we found a supply-chain vulnerability in IBM Cloud Databases for PostgreSQL : netsec:
https://www.reddit.com/r/netsec/comments/z9qeyj/how_we_found_a_supplychain_vulnerability_in_ibm/

   ・ A supply-chain vulnerability in IBM Cloud Databases for PostgreSQL led to unauthorized database access – keenan


• How the 8086 processor’s microcode engine works:
https://www.righto.com/2022/11/how-8086-processors-microcode-engine.html

   ・ Exploring how the 8086 microprocessor's microcode engine works – lanying37


• [Tools, Linux] kernel_obj_finder:
https://github.com/chompie1337/kernel_obj_finder

   ・ A simple script for finding objects of a specific size in the Linux kernel – crazyman


• Pre-Auth RCE with CodeQL in Under 20 Minutes : netsec:
https://www.reddit.com/r/netsec/comments/zbfj1a/preauth_rce_with_codeql_in_under_20_minutes/

   ・ An example of using CodeQL to quickly find pre-auth RCE – crazyman


• [Android] Critical RCE Flaw With 2M Downloaded Android Remote Keyboard Apps Let Attackers Access keystrokes:
https://cybersecuritynews.com/rce-flaw-with-2m-downloaded-app/

   ・ Due to missing authentication and authorization mechanisms and insecure communication, three apps with a combined 2 million downloads have RCE vulnerabilities – andreszeng


• [Web] GitHub – APTIRAN/CVE-2022-21661: The first poc video presenting the sql injection test from ( WordPress Core 5.8.2-‘WP_Query’ / CVE-2022-21661):
https://github.com/APTIRAN/CVE-2022-21661

   ・ CVE-2022-21661: WordPress Core 5.8.2 – 'WP_Query' SQL injection – crazyman


• [Virtualization] Huawei Security Hypervisor Vulnerability:
https://blog.impalabs.com/2212_advisory_huawei-security-hypervisor.html

   ・ Huawei Hypervisor – OOB access via the logging system (CVE-2021-39979) – crazyman


• [PDF] https://arxiv.org/pdf/2211.16212.pdf:
https://arxiv.org/pdf/2211.16212.pdf

   ・ The paper presents JOP exploitation techniques on the RISC-V architecture – WireFisher


• [PDF] https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf:
https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf

   ・ CVE-2022-41325: an integer overflow vulnerability in the mallocFrameBufferHandler function of VLC's vnc module – crazyman


• heapdump leaks the Shiro key, leading to RCE – 先知社区:
https://xz.aliyun.com/t/11908

   ・ A Spring heapdump leaks the Shiro key, resulting in RCE – crazyman


• CertPotato – Using ADCS to privesc from virtual and network service accounts to local system:
https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/

   ・ CertPotato – abusing ADCS features for privilege escalation – crazyman


• Redirect to https://www.cisa.gov/uscert/ncas/alerts/aa22-335a:
http://go.dhs.gov/Znp

   ・ US CISA released an alert with technical details on a ransomware family, including TTPs and IOCs – andreszeng


• [IoT] GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown:
https://boschko.ca/glinet-router/

   ・ Exploitation of vulnerabilities in the GL-MT300N-V2 router and firmware extraction – crazyman


• [Tools] HTB: CarpeDiem:
https://0xdf.gitlab.io/2022/12/03/htb-carpediem.html

   ・ Writeup of the HTB machine CarpeDiem by 0xdf – crazyman


• [Tools] GitHub – BeichenDream/PrintNotifyPotato: PrintNotifyPotato:
https://github.com/BeichenDream/PrintNotifyPotato

   ・ PrintNotifyPotato – privilege escalation via the PrintNotify COM interface, for Windows 10/11 and Windows Server 2012 – 2022 – crazyman


• [Fuzzing] UseReFuzz:
https://github.com/root-tanishq/userefuzz

   ・ A SQLi fuzzer specifically for fuzzing the User-Agent, X-Forwarded-For, and Referer headers – Atum


• WebUI:The easiest attack surface in Chromes:
http://eternalsakura13.com/2022/12/03/webui/

   ・ Analysis of the WebUI attack surface in Chrome, covering missing checks, repeated initialization of smart pointers, thread races, UAF, and more – xmzyshypnc


• [Tools] Visual Studio Code: Remote Code Execution:
https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m

   ・ Details of the VSCode remote code execution vulnerability (CVE-2022-41034), located in the ipynb file loading flow; a user who clicks a malicious link may be attacked. – P4nda


• Hitching a ride with Mustang Panda:
https://decoded.avast.io/threatintel/apt-treasure-trove-avast-suspects-chinese-apt-group-mustang-panda-is-collecting-data-from-burmese-government-agencies-and-opposition-groups/

   ・ Avast describes in detail parts of Mustang Panda's toolset and its trojan loading chain – crazyman


• [Windows] Wh04m1001/SysmonEoP:
https://github.com/Wh04m1001/SysmonEoP

   ・ POC for arbitrary file deletion/write in Sysmon (CVE-2022-41120/CVE-2022-XXXXX) – crazyman


* To view or search past digests, visit:
https://sec.today

* Sina Weibo account: 腾讯玄武实验室 (Tencent Xuanwu Lab)
https://weibo.com/xuanwulab


Originally published on the WeChat official account 腾讯玄武实验室 (Tencent Xuanwu Lab): Daily Security Digest (12-5)

Copyright notice: posted by admin on December 5, 2022 at 10:33 AM.
When reposting, please cite: Daily Security Digest (12-5) | CTF导航
