每日安全动态推送(11-30)

Tencent Security Xuanwu Lab Daily News

• Mover_Final_Report.pdf:

   ・ Mover合约的审计报告，包含一个高危和一个中危漏洞。 – 

• [Pentest] Home Grown Red Team: Lateral Movement With Havoc C2 And Microsoft EDR:

   ・ Havoc C2 绕过 Defender For Endpoint 横向移动实战 – 

• [Tools] Overview:

   ・ peafl64: 用于fuzz的Windows 64位PE文件静态插桩工具 – 

   ・ Windows 漏洞利用缓解细节参考 – 

• [Tools] Pointer compression in Oilpan:

   ・ Chrome团队在Oilpan中开启了指针压缩以提升性能。 – 

• Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware - The DFIR Report:

   ・ LNK文件导致的勒索攻击 – 

• [Tools] r/ReverseEngineering - Heap_detective is an open-source static analysis tool that finds pitfalls in heap memory usage in C and C++.:

   ・ 基于污点分析技术的C/C++语言堆漏洞静态检测工具 – 

• [Vulnerability] GCC undefined behaviors are getting wild : programming:

   ・ x86-64 上的 GCC 12.2.0 对UB行为的处理可能导致看上去无害的整数溢出漏洞变得危险 – 

• [Windows] Dynamic Analysis of Windows Exploit Mitigations — Import Address Filtering.:

   ・ 动态分析Windows漏洞缓解技术之导入地址过滤 – 

• YApi <1.12.0 远程命令执行漏洞:

   ・ YApi远程命令执行的漏洞分析，文中提供了一款命令行扫描工具scalpel – 

• [Web] Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services:

   ・ AWS AppSyncs的confused deputy problem漏洞的细节，该漏洞允许一个恶意租户通过AppSyncs的访问别的租户的资源 – 

• [iOS] Researcher released the technical details for CVE-2022-32898 in iOS 16:

   ・ ios16 内核内存破坏漏洞分析，可从APP默认沙箱直接触发 – 

* 查看或搜索历史推送内容请访问：

* 新浪微博账号：腾讯玄武实验室