Tencent Security Xuanwu Lab Daily News
• [Windows] HyperGuard – Secure Kernel Patch Guard: Part 1 – SKPG Initialization:
https://windows-internals.com/hyperguard-secure-kernel-patch-guard-part-1-skpg-initialization/
・ Analysis of the Windows kernel's Secure Kernel Patch Guard protection mechanism
– Jett
• [Tools] Alder Lake and the new Intel Features:
https://www.andrea-allievi.com/blog/alder-lake-and-the-new-intel-features/
・ Analysis of the new VT-rp hardware protection feature in Intel's 12th-generation Alder Lake CPUs
– Jett
• Analysis and exploitation of the Pwn2Own Safari vulnerability CVE-2021-30734:
http://paper.seebug.org/1804/
・ Analysis and exploitation of the Pwn2Own Safari vulnerability (CVE-2021-30734).
– lanying37
• coco413/SecMind: Security mind maps:
https://github.com/coco413/SecMind
・ A collection of mind-map materials for learning network security.
– lanying37
• Resources:
https://github.com/cert-ee/cuckoo3
・ CERT-EE has open-sourced Cuckoo 3, which it maintains and develops
– Jett
• [Malware] The Mac Malware of 2021:
https://objective-see.com/blog/blog_0x6B.html
・ The Mac Malware of 2021
– Jett
• What is TCA:
https://github.com/Tencent/CodeAnalysis
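・ TCA – Tencent Cloud Code Analysis platform, a tool that analyzes program code using lexical analysis, syntax analysis, control-flow analysis, data-flow analysis and other techniques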
– Jett
• NoAgent in-memory webshell detection tool:
https://tttang.com/archive/1390/
・ NoAgent in-memory webshell detection tool.
– lanying37
• [Reverse Engineering, Tools] Reverse Engineering Radios – ARM Binary Images in IDA Pro:
https://do1alx.de/2022/reverse-engineering-radios-arm-binary-images-in-ida-pro/
・ Reverse Engineering Radios – ARM Binary Images in IDA Pro.
– lanying37
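• Analysis of the Kimsuky group's phishing campaign targeting the South Korean news industry:
https://mp.weixin.qq.com/s/O_3PFAB4RGxJXHnx_o9f3Q
・ Analysis of the Kimsuky group's phishing campaign targeting the South Korean news industry.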
– lanying37
• [Reverse Engineering, Tools] alphaSeclab/awesome-reverse-engineering:
https://github.com/alphaSeclab/awesome-reverse-engineering/blob/master/Readme_en.md
・ Awesome Reverse Engineering Resources
– Jett
• [Tools] Automated RE of Kernel Configurations:
https://zznop.com/2022/01/02/automated-re-of-kernel-build-configs/
・ Generating Kconfig configuration files through automated analysis of Linux kernel images
– Jett
• Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide | Ars Technica:
https://arstechnica.com/information-technology/2022/01/exchange-server-bug-gets-a-fix-after-ruining-admins-new-years-plans/
・ Microsoft Exchange Server suffered widespread outages because of a problem with storing time in a signed integer. Microsoft has now released a patch
– Jett
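* To view or search past issues, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (01-05)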