每日安全动态推送(1-16)

Tencent Security Xuanwu Lab Daily News

• [Windows] ExplorerPersist:
https://github.com/D1rkMtr/ExplorerPersist

   ・ 劫持cscapi.dll以劫持explorer.exe来进行持久化驻留 – crazyman


• 通过隐藏导入表的方式规避杀软 - 先知社区:
https://xz.aliyun.com/t/12035

   ・ 通过隐藏导入表的方式规避杀软 – lanying37


• momika233/CVE-2022-3656:
https://github.com/momika233/CVE-2022-3656

   ・ CVE-2022-3656:Google Chrome 和基于 Chromium 的浏览器由于对一些文件上传功能缺乏symlink的检查,从而导致通过滥用symlink可以盗取你本地的一些重要配置文件 – crazyman


• Hackers Selling Telegram Insider Server Access on Dark Web Forums:
https://gbhackers.com/hackers-selling-telegram-insider-server/

   ・ 暗网在出售tg服务器访问权限,真伪难辨。 – Atum


• Binarly researchers conduct a deep-dive investigation into Lenovo’s LEN-94952 bulletin and find that two vulnerabilities -- CVE-2022-3430 and CVE-2022-3431 -- remain unfixed one month after their official disclosure.:
https://binarly.io/posts/Multiple_Vulnerabilities_in_Qualcomm_and_Lenovo_ARM_based_Devices/index.html

   ・ binarly的安全研究人员发现了高通和联想一些漏洞(溢出和泄露),并将部分细节进行展示 – crazyman


• TouchEn nxKey: The keylogging anti-keylogger solution:
https://palant.info/2023/01/09/touchen-nxkey-the-keylogging-anti-keylogger-solution/

   ・ 针对TouchEn nxKey键盘加密保护的安全研究,以及通过其中发现了一些不安全的漏洞,导致其可能会被利用成为恶意软件 – crazyman


• Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5#workarounds:~:text=Block%20Access%20to%20Ports%20443%20and%2060443

   ・ 思科的多个型号的小型商用路由器出现了认证绕过&RCE漏洞。 – Atum


• 1369871 - Security: Race condition in JSCreateLowering, leading to RCE - chromium:
https://crbug.com/1369871

   ・ CVE-2022-3652:通过JSCreateLowering的条件竞争导致RCE – crazyman


• NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO:
https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/

   ・ NoName057(16) – 以北约为目标的亲Ru黑客组织 – crazyman


• CVE-2022-43704 - Capture-Replay Vulnerability in Sinilink XY-WFT1 Thermostat:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-43704-capture-replay-vulnerability-in-sinilink-xy-wft1-thermostat/

   ・ CVE-2022-43704-Sinilink XY-WFT1 Thermostat中的重放漏洞 – crazyman


• [Android, Tools] Bypassing Frida detection in Android:
https://youtu.be/M0ETKs6DZn8

   ・ 一个绕过安卓APP中的frida检测的视频教程 – Atum


• [Web] Client-Side SSRF to Google Cloud Project Takeover [Google VRP]:
https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/

   ・ 客户端SSRF到Google Cloud Project接管 – crazyman


• mqtt 攻击面和挖掘思路浅析:
https://paper.seebug.org/2040/

   ・ mqtt 攻击面和挖掘思路浅析 – crazyman


• NeedleDropper:
https://decoded.avast.io/threatresearch/needledropper/

   ・ Avast对于NeedleDropper形式恶意软件投递的分析,文中的案例主要用于FormBook商贸信的部署 – crazyman


• [Attack] APT_REPORT/summary/2023/2022 Yearbook of APT group Analysis.pdf:
https://github.com/blackorbird/APT_REPORT/blob/master/summary/2023/2022%20Yearbook%20of%20APT%20group%20Analysis.pdf

   ・ 2022年APT组织分析年鉴 – crazyman


• 基于代码属性图的自动化漏洞挖掘实践:
https://blog.0kami.cn/blog/2023/%E5%9F%BA%E4%BA%8E%E4%BB%A3%E7%A0%81%E5%B1%9E%E6%80%A7%E5%9B%BE%E7%9A%84%E8%87%AA%E5%8A%A8%E5%8C%96%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98%E5%AE%9E%E8%B7%B5/

   ・ 基于代码属性图的自动化漏洞挖掘实践 – crazyman


• GitHub - PaulNorman01/Forensia: Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.:
https://github.com/PaulNorman01/Forensia

   ・ Forensia:RedTeam后渗透阶段的痕迹清理工具 – crazyman


• WalkerGate:
https://github.com/DallasFR/WalkerGate

   ・ WalkerGate:通过查找ntdll的内存解析以进行系统调用 – crazyman


• [PDF] https://breakingthe3ma.app/files/Threema-PST22.pdf:
https://breakingthe3ma.app/files/Threema-PST22.pdf

   ・ 瑞士加密聊天应用程序 Threema 的加密漏洞的分析,其会破坏身份验证保护甚至可以恢复用户的私钥 – crazyman


• Keeping the wolves out of wolfSSL:
https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

   ・ trailofbits发布关于使用tlspuffin来fuzzing wolfSSL并发现4个DOS漏洞的细节以及一些fuzzing的方法论思路 – crazyman


• [macOS] Bad things come in large packages: .pkg signature verification bypass on macOS · Sector 7:
https://sector7.computest.nl/post/2023-01-xar/

   ・ CVE-2022-42841:由于在解析xar中出现由类型转换导致的整数溢出而导致pkg的签名验证成功,可绕过SIP,Gatekeeper并在特定条件下提权到root – crazyman


• [Windows] Racing bugs in Windows kernel:
https://dannyodler.hashnode.dev/racing-bugs-in-windows-kernel

   ・ 关于Window kernel两个条件竞争漏洞(CVE-2023-21536、CVE-2023-21537)的挖掘、利用思路。 – P4nda


• Using ChatGPT to Visualize Ransomware Leak Site Data:
https://www.th3protocol.com/2022/ChatGPT-LeakSite-Analysis

   ・ 一个通过“要求ChatGPT写可视化代码”来做数据可视化的案例,里面有多个case,看起来效果都不错。 – Atum


• Dark Pink:
https://blog.group-ib.com/dark-pink-apt

   ・ Dark Pink APT组织(aka Saaiwc Group)针对东南亚以及欧洲公司的入侵活动披露与分析 – crazyman


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(1-16)

版权声明:admin 发表于 2023年1月16日 上午9:46。
转载请注明:每日安全动态推送(1-16) | CTF导航

相关文章

暂无评论

暂无评论...