• [Programming] Debugging Protected Processes:
https://itm4n.github.io/debugging-protected-processes/
・ 如何使用PPLKiller绕过PPL保护调试受保护的进程及相关技术原理。
– P4nda
• Threat Analysis: MSI - Masquerading as a Software Installer:
https://www.cybereason.com/blog/threat-analysis-msi-masquerading-as-software-installer
・ 伪装成MSI的植入物分析
– crazyman
• [Tools] Neton - Tool For Getting Information From Internet Connected Sandboxes:
http://www.kitploit.com/2022/12/neton-tool-for-getting-information-from.html
・ Neton,用于获取沙箱指纹的工具
– keenan
• [Web] pocs/flipper_rce_xss.js at main · caioluders/pocs:
https://github.com/caioluders/pocs/blob/main/flipper_rce_xss.js
・ XSS 2 RCE on flipper_zero
– crazyman
• [Web] CVE-2022-46169: Critical vulnerability affects Cacti network graphing solution:
https://securityonline.info/cve-2022-46169-critical-vulnerability-affects-cacti-network-graphing-solution/
・ Cacti修复了评分9.8的命令注入漏洞CVE-2022-46169,攻击无需认证。
– keenan
• [Malware] A Detailed Analysis Of The Last Version Of R Evil Ransomware:
https://securityscorecard.pathfactory.com/research/detailed-analysis-revil
・ REvil勒索软件的分析报告
– keenan
• [Windows] The Defender’s Guide to the Windows Registry:
https://posts.specterops.io/the-defenders-guide-to-the-windows-registry-febe241abc75
・ 介绍Windows注册表内部构成及相关安全防护措施
– WireFisher
• [Web] Cache Poisoning? - Solution to November '22 XSS Challenge:
https://www.youtube.com/watch?v=nY7HT1lNHwQ
・ 利用缓存投毒进行XSS - November '22 XSS 挑战的官方解决方案
– crazyman
• [Wireless, Tools] Hacking Bluetooth to Brew Coffee from GitHub Actions: Part 1 - Bluetooth Investigation:
https://grack.com/blog/2022/12/01/hacking-bluetooth-to-brew-coffee-on-github-actions-part-1
・ Hacking Bluetooth to Brew Coffee from GitHub Actions: Part 1 - Bluetooth Investigation
– lanying37
• DuckLogs 恶意软件在野外执行多种恶意活动:
https://paper.seebug.org/2034/
・ DuckLogs 恶意软件在野外执行多种恶意活动
– lanying37
• Hackers Actively Attack RDP Servers To Deploy Ransomware:
https://cybersecuritynews.com/rdp-servers-actively-targeted-by-hackers/
・ 恶意软件新趋势:越来越多的勒索软件利用已知口令或漏洞对 RDP 服务端进行攻击
– andreszeng
• [Tools] PrideLocker - a new fork of Babuk ESX encryptor:
https://www.synacktiv.com/publications/pridelocker-a-new-fork-of-babuk-esx-encryptor.html
・ Synacktiv发布了对针对ESXi名为PrideLocker的勒索的详细分析
– crazyman
• [Windows] deepinstinct/Lsass-Shtinkering:
https://github.com/deepinstinct/Lsass-Shtinkering
・ 通过滥用 Windows 错误报告服务以dump LSASS 的方法,来自DC30议题LSASS Shtinkering Abusing Windows Error Reporting to Dump LSASS
– crazyman
• Weaponizing Discord Shell via SMB:
https://medium.com/@lsecqt/weaponizing-discord-shell-via-smb-92375e730e26
・ 在Discord中植入RCE后门的尝试,作者起初选择使用Python调用API与server通信,并通过Nuitka将其打包为PE,但会使得程序文件大小增加40+ MB,后续尝试通过SMB进行优化。
– keenan
• [Windows, Tools] CVE-2022-41120 PoC released for Windows Sysmon Elevation of Privilege Vulnerability:
https://securityonline.info/cve-2022-41120-poc-released-for-windows-sysmon-elevation-of-privilege-vulnerability/
・ Sysmon 中包含一个能让普通用户以 “NT AUTHORITYSYSTEM” 用户的身份完成任意文件/目录删除操作的漏洞,将该漏洞与 “利用任意文件删除进行提权” 技术相结合,可完成EoP
– andreszeng
• [Linux, Reverse Engineering] Resources:
https://github.com/romainthomas/reverse-engineering-workshop
・ 一个逆向工程研讨会的ppt,讲到了很多x86下逆向的技巧
– ArisXu
• [Pentest] Data exfiltration using Excel:
https://systemweakness.com/data-exfiltration-using-excel-d12271525fb6
・ C2 新思路:利用 Excel 的 WEBSERVICE 函数 “在检测到 url 发生变化时自动发起新请求” 这一特性进行数据泄露
– andreszeng
• [Browser] Sandboxing V8:
https://docs.google.com/presentation/d/1iDWDHuAZ8ee-dRF5Lkf0nwO2mkLdZG_YJEP1yPvJ09E/edit?usp=sharing
・ V8 heap sandbox安全机制设计思路及防御的主要漏洞类型。
– P4nda
• [Windows, Forensics] An Introduction To Memory Forensics: Windows Process Internals | by Joseph Moronwi:
https://bit.ly/3MxqS6j
・ 从取证的角度分析Windows进程中的有趣的数据结构
– Atum
• [IoT] CVE-2022-45313: Mikrotik RouterOs flaw can lead to execute arbitrary code:
https://securityonline.info/cve-2022-45313-mikrotik-routeros-flaw-can-lead-to-execute-arbitrary-code/
・ MikroTik RouterOS 的 hotspot 程序存在越界读漏洞,可能导致有权限的用户获得任意代码执行能力
– WireFisher
• [Vulnerability] CVE-2022-46164: Account Takeover Vulnerability Found in NodeBB:
https://securityonline.info/cve-2022-46164-account-takeover-vulnerability-found-in-nodebb/
・ NodeBB 中存在一个原型污染漏洞,攻击者可利用该漏洞接管他人的账户
– andreszeng
• Critical Ping bug potentially allows remote hack of FreeBSD systems:
https://securityaffairs.co/wordpress/139300/hacking/cve-2022-23093-freebsd-systems-flaw.html
・ freebsd的ping有一个栈溢出漏洞,一个恶意的ICMP response可能会导致运行ping的主机被RCE。
– Atum
• r/ReverseEngineering - How to replicate OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786 and use libfuzzer:
https://www.reddit.com/r/ReverseEngineering/comments/zbyx41/how_to_replicate_openssl_vulnerabilities/
・ 两个OpenSSL高危漏洞分析(CVE-2022-3786、CVE-2022-3602),以及如何使用libfuzzer去发现上述漏洞。
– P4nda
• Bug in Honda, Nissan, Toyota Cars App Let Hackers Unlock & Start The Car Remotely:
https://cybersecuritynews.com/vulnerability-in-honda-nissan-toyota-cars-app/
・ SiriusXM 某一网站存在漏洞可影响多家车企,允许攻击者仅通过VID即可获取客户信息,通过进一步提权可导致受害客户的汽车被远程解锁、启动、定位、鸣笛。
– WireFisher
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
还没有评论,来说两句吧...