每日安全动态推送(12-28)

Tencent Security Xuanwu Lab Daily News

• [Malware] GuLoader Malware Utilizing New Techniques to Evade Security Software:

   ・ GuLoader 恶意软件实现了大量反分析和反调试功能，其中包括利用硬件断点来 unhook NTDLL 里面的 hook – 

• [Linux] Critical Linux Kernel Vulnerability Let Attackers Execute Remote Code:

   ・ Linux kernel ksmbd UAF RCE漏洞，ZDI-22-1690，CVSS SCORE：10.0 高危漏洞 – 

• [iOS] Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3):

   ・ Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3) – 

• advisories/2022_netcomm_nf20mesh_unauth_rce.md at main · scarvell/advisories:

   ・ Netcomm - 未经身份验证的远程代码执行 – 

• [CTF] HKCERT CTF 2022 Postmortem (I): Easier Crypto Challenges:

   ・ hkcert ctf challenge offical writeup by Mystiz part1 – 

• [Windows] Pass-the-Challenge: Defeating Windows Defender Credential Guard:

   ・ 如何在开启了Windows Defender Credential Guard保护的情况下获取NTLM hash。该方法主要通过控制LSASS进程的ALPC 通信通道与LSAIso进程通信，利用加密脆弱性破解NTLM hash。 – 

• [macOS] GitHub - jhftss/POC: A public collection of POCs & Exploits for the vulnerabilities I discovered:

   ・ A public collection of POCs & Exploits (MacOS) – 

• CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange:

   ・ CVE-2022-41040 and CVE-2022-41082  MS Exchange RCE 漏洞的利用细节 – 

• Data exfiltration using a COVID-bit attack:

   ・ 通过将CPU的供电电路变成Transmitter来从隔离的机器上偷数据。 – 

* 查看或搜索历史推送内容请访问：

* 新浪微博账号：腾讯玄武实验室