每日安全动态推送(1-16)

渗透技巧 1年前 (2023) admin

607 0 0

Tencent Security Xuanwu Lab Daily News

• [Windows] ExplorerPersist:
https://github.com/D1rkMtr/ExplorerPersist

・劫持cscapi.dll以劫持explorer.exe来进行持久化驻留 – crazyman

• 通过隐藏导入表的方式规避杀软 – 先知社区:
https://xz.aliyun.com/t/12035

・通过隐藏导入表的方式规避杀软 – lanying37

• momika233/CVE-2022-3656:
https://github.com/momika233/CVE-2022-3656

・ CVE-2022-3656:Google Chrome 和基于 Chromium 的浏览器由于对一些文件上传功能缺乏symlink的检查,从而导致通过滥用symlink可以盗取你本地的一些重要配置文件 – crazyman

• Hackers Selling Telegram Insider Server Access on Dark Web Forums:
https://gbhackers.com/hackers-selling-telegram-insider-server/

・暗网在出售tg服务器访问权限，真伪难辨。 – Atum

• Binarly researchers conduct a deep-dive investigation into Lenovo’s LEN-94952 bulletin and find that two vulnerabilities — CVE-2022-3430 and CVE-2022-3431 — remain unfixed one month after their official disclosure.:
https://binarly.io/posts/Multiple_Vulnerabilities_in_Qualcomm_and_Lenovo_ARM_based_Devices/index.html

・ binarly的安全研究人员发现了高通和联想一些漏洞(溢出和泄露),并将部分细节进行展示 – crazyman

• TouchEn nxKey: The keylogging anti-keylogger solution:
https://palant.info/2023/01/09/touchen-nxkey-the-keylogging-anti-keylogger-solution/

・针对TouchEn nxKey键盘加密保护的安全研究,以及通过其中发现了一些不安全的漏洞,导致其可能会被利用成为恶意软件 – crazyman

• Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5#workarounds:~:text=Block%20Access%20to%20Ports%20443%20and%2060443

・思科的多个型号的小型商用路由器出现了认证绕过&RCE漏洞。 – Atum

• 1369871 – Security: Race condition in JSCreateLowering, leading to RCE – chromium:
https://crbug.com/1369871

・ CVE-2022-3652:通过JSCreateLowering的条件竞争导致RCE – crazyman

• NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO:
https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/

・ NoName057(16) – 以北约为目标的亲Ru黑客组织 – crazyman

• CVE-2022-43704 – Capture-Replay Vulnerability in Sinilink XY-WFT1 Thermostat:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-43704-capture-replay-vulnerability-in-sinilink-xy-wft1-thermostat/

・ CVE-2022-43704-Sinilink XY-WFT1 Thermostat中的重放漏洞 – crazyman

• [Android, Tools] Bypassing Frida detection in Android:
https://youtu.be/M0ETKs6DZn8

・一个绕过安卓APP中的frida检测的视频教程 – Atum

• [Web] Client-Side SSRF to Google Cloud Project Takeover [Google VRP]:
https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/

・客户端SSRF到Google Cloud Project接管 – crazyman

• mqtt 攻击面和挖掘思路浅析:
https://paper.seebug.org/2040/

・ mqtt 攻击面和挖掘思路浅析 – crazyman

• NeedleDropper:
https://decoded.avast.io/threatresearch/needledropper/

・ Avast对于NeedleDropper形式恶意软件投递的分析,文中的案例主要用于FormBook商贸信的部署 – crazyman

• [Attack] APT_REPORT/summary/2023/2022 Yearbook of APT group Analysis.pdf:
https://github.com/blackorbird/APT_REPORT/blob/master/summary/2023/2022%20Yearbook%20of%20APT%20group%20Analysis.pdf

・ 2022年APT组织分析年鉴 – crazyman

• 基于代码属性图的自动化漏洞挖掘实践:
https://blog.0kami.cn/blog/2023/%E5%9F%BA%E4%BA%8E%E4%BB%A3%E7%A0%81%E5%B1%9E%E6%80%A7%E5%9B%BE%E7%9A%84%E8%87%AA%E5%8A%A8%E5%8C%96%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98%E5%AE%9E%E8%B7%B5/

・基于代码属性图的自动化漏洞挖掘实践 – crazyman

• GitHub – PaulNorman01/Forensia: Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.:
https://github.com/PaulNorman01/Forensia

・ Forensia:RedTeam后渗透阶段的痕迹清理工具 – crazyman

• WalkerGate:
https://github.com/DallasFR/WalkerGate

・ WalkerGate:通过查找ntdll的内存解析以进行系统调用 – crazyman

• [PDF] https://breakingthe3ma.app/files/Threema-PST22.pdf:
https://breakingthe3ma.app/files/Threema-PST22.pdf

・瑞士加密聊天应用程序 Threema 的加密漏洞的分析,其会破坏身份验证保护甚至可以恢复用户的私钥 – crazyman

• Keeping the wolves out of wolfSSL:
https://blog.trailofbits.com/2023/01/12/wolfssl-vulnerabilities-tlspuffin-fuzzing-ssh/

・ trailofbits发布关于使用tlspuffin来fuzzing wolfSSL并发现4个DOS漏洞的细节以及一些fuzzing的方法论思路 – crazyman

• [macOS] Bad things come in large packages: .pkg signature verification bypass on macOS · Sector 7:
https://sector7.computest.nl/post/2023-01-xar/

・ CVE-2022-42841:由于在解析xar中出现由类型转换导致的整数溢出而导致pkg的签名验证成功,可绕过SIP,Gatekeeper并在特定条件下提权到root – crazyman

• [Windows] Racing bugs in Windows kernel:
https://dannyodler.hashnode.dev/racing-bugs-in-windows-kernel

・关于Window kernel两个条件竞争漏洞（CVE-2023-21536、CVE-2023-21537）的挖掘、利用思路。 – P4nda

• Using ChatGPT to Visualize Ransomware Leak Site Data:
https://www.th3protocol.com/2022/ChatGPT-LeakSite-Analysis