Tencent Security Xuanwu Lab Daily News
• SnapLoader:
https://gitlab.com/ORCA666/snaploader
・ SnapLoader: shellcode injection and thread hijacking implemented with the PssCaptureSnapshot and PssWalkSnapshot APIs
– Jett
• CodeQL Data-Flow Analysis / Taint Analysis Notes (Part 1):
http://eternalsakura13.com/2022/02/08/codeql_flow_analyze/
・ Notes on CodeQL data-flow analysis and taint tracking (part 1)
– lanying37
• ConPresentations/OffensiveCon2022.RealWorld0days.pdf:
https://github.com/maddiestone/ConPresentations/blob/master/OffensiveCon2022.RealWorld0days.pdf
・ Maddie Stone's OffensiveCon 2022 talk summarizing the 0-days exploited in the wild in 2021
– Jett
• [Windows] Exploring Windows UAC Bypasses: Techniques and Detection Strategies:
https://elastic.github.io/security-research/whitepapers/2022/02/03.exploring-windows-uac-bypass-techniques-detection-strategies/article/
・ Exploring Windows UAC Bypasses: Techniques and Detection Strategies
– Jett
• [Crypto] sha256algorithm.com (step-by-step SHA-256 visualizer):
https://sha256algorithm.com/
・ A website that visually walks through the SHA-256 computation step by step (padding, message schedule, compression rounds)
– Jett
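The site linked above animates the "message schedule" step one chunk at a time. As an added example that is not the site's code, the Python below implements that expansion (W[0..63] for a 512-bit chunk) together with the rest of SHA-256, so the schedule values can be read off and the final digest checked against Python's hashlib. The constants are the FIPS 180-4 values; the sample inputs ("abc", empty string) are the standard test vectors.

```python
"""SHA-256 message schedule for one chunk, plus the full hash so it can be checked.
Added worked example; not code from sha256algorithm.com."""
import hashlib
import struct

MASK32 = 0xFFFFFFFF

# Round constants K[0..63] and initial hash value H0 (FIPS 180-4)
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
H0 = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]


def rotr(x, n):
    """Rotate a 32-bit word right by n bits."""
    return ((x >> n) | (x << (32 - n))) & MASK32


def sigma0(x):  # lowercase sigma0, used only in the message schedule
    return rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3)


def sigma1(x):  # lowercase sigma1, used only in the message schedule
    return rotr(x, 17) ^ rotr(x, 19) ^ (x >> 10)


def pad(message: bytes) -> bytes:
    """Append 0x80, zero bytes, then the 64-bit big-endian bit length, to a multiple of 64 bytes."""
    bit_len = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", bit_len)


def message_schedule(chunk: bytes) -> list:
    """Expand one 64-byte chunk into the 64 words W[0..63]: the first 16 are the chunk itself,
    the rest are W[t] = sigma1(W[t-2]) + W[t-7] + sigma0(W[t-15]) + W[t-16] mod 2^32."""
    if len(chunk) != 64:
        raise ValueError("chunk must be exactly 64 bytes")
    w = list(struct.unpack(">16I", chunk))
    for t in range(16, 64):
        w.append((sigma1(w[t - 2]) + w[t - 7] + sigma0(w[t - 15]) + w[t - 16]) & MASK32)
    return w


def compress(state: list, chunk: bytes) -> list:
    """Run the 64 compression rounds over one chunk and add the result into the running state."""
    w = message_schedule(chunk)
    a, b, c, d, e, f, g, h = state
    for t in range(64):
        s1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)
        ch = (e & f) ^ (~e & g)
        temp1 = (h + s1 + ch + K[t] + w[t]) & MASK32
        s0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)
        maj = (a & b) ^ (a & c) ^ (b & c)
        temp2 = (s0 + maj) & MASK32
        h, g, f, e = g, f, e, (d + temp1) & MASK32
        d, c, b, a = c, b, a, (temp1 + temp2) & MASK32
    return [(x + y) & MASK32 for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha256(message: bytes) -> str:
    """Full SHA-256 as a hex string, built from pad() and compress()."""
    state = list(H0)
    padded = pad(message)
    for i in range(0, len(padded), 64):
        state = compress(state, padded[i:i + 64])
    return "".join(f"{x:08x}" for x in state)


def first_chunk_schedule(message: bytes) -> list:
    """The 64 schedule words for the first chunk, the step the visualizer shows."""
    return message_schedule(pad(message)[:64])


def matches_hashlib(message: bytes) -> bool:
    """Cross-check this implementation against the standard library."""
    return sha256(message) == hashlib.sha256(message).hexdigest()


if __name__ == "__main__":
    for t, word in enumerate(first_chunk_schedule(b"abc")):
        print(f"W[{t:2}] = {word:08x}")
    print(sha256(b"abc"), matches_hashlib(b"abc"))
```

For "abc" the padded chunk is the three ASCII bytes, 0x80, zeros, and a final 0x18 (24 bits), so W[0] is 0x61626380, W[15] is 0x00000018, W[16] equals W[0] again, and W[17] is sigma1(0x18) = 0x000f0000; the loop prints all 64 words so they can be compared against the site's animation.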
• SoK: Browser Security Analysis:
http://paper.seebug.org/1818/
・ SoK: a systematization-of-knowledge survey of browser security analysis
– lanying37
• [Windows] SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-22718):
https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81
・ SpoolFool: Microsoft today patched yet another Windows Print Spooler local privilege escalation vulnerability (CVE-2022-22718)
– Jett
• PPE — Poisoned Pipeline Execution:
https://medium.com/cider-sec/ppe-poisoned-pipeline-execution-34f4e8d0d4e9
・ Running malicious code in your CI, without access to your CI
– Jett
• How Docker Made Me More Capable and the Host Less Secure:
https://www.cyberark.com/resources/threat-research-blog/how-docker-made-me-more-capable-and-the-host-less-secure
・ Docker fixed a vulnerability that let an unprivileged user on the host escalate privileges locally (CVE-2021-21284)
– Jett
• [Windows] Advanced-Process-Injection-Workshop by CyberWarFare Labs:
https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
・ Advanced Process Injection Workshop: a lab environment for practicing Windows process injection techniques
– Jett
• Vodafone Portugal 4G and 5G services down after cyberattack:
https://www.bleepingcomputer.com/news/security/vodafone-portugal-4g-and-5g-services-down-after-cyberattack/
・ Vodafone's 4G and 5G services in Portugal were knocked offline by a cyberattack
– Jett
• [Linux, Tools] Hunting for Persistence in Linux (Part 5): Systemd Generators:
https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/
・ Hunting for Persistence in Linux (Part 5): Systemd Generators.
– lanying37
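A small hunting helper to go with the post above, added here and not taken from it. It inventories the generator search path listed in systemd.generator(7), hashes each entry and records why it might deserve manual review. The flagging rules (generators outside /usr/lib, not root-owned, group/world-writable, or symlinks) are this example's own heuristics, not the post's; the sample directory is constructed in a temp folder so the script runs without touching the real system.

```python
"""Inventory systemd generator directories and flag entries worth a closer look.
Added example for the persistence-hunting post above; not the post's own script."""
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass, field

# Search path from systemd.generator(7); an entry in an earlier directory shadows a
# same-named one in a later directory.
SYSTEM_GENERATOR_DIRS = [
    "/run/systemd/system-generators",
    "/etc/systemd/system-generators",
    "/usr/local/lib/systemd/system-generators",
    "/usr/lib/systemd/system-generators",
]
USER_GENERATOR_DIRS = [d.replace("system-generators", "user-generators") for d in SYSTEM_GENERATOR_DIRS]

# Heuristic (this example's assumption): distribution packages install generators under /usr/lib,
# so anything dropped into /run, /etc or /usr/local is unusual and worth reading.
PACKAGED_PREFIX = "/usr/lib/"


@dataclass
class Finding:
    path: str
    sha256: str
    uid: int
    mode: str
    reasons: list = field(default_factory=list)


def inspect_generator(path: str, search_dir: str) -> Finding:
    """Hash one generator and record the reasons, if any, it deserves manual review."""
    link_st = os.lstat(path)
    st = os.stat(path) if os.path.exists(path) else link_st  # follow the symlink when its target exists
    reasons = []
    if not search_dir.startswith(PACKAGED_PREFIX):
        reasons.append("outside the packaged directory")
    if st.st_uid != 0:
        reasons.append("not owned by root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("group- or world-writable")
    if stat.S_ISLNK(link_st.st_mode):
        reasons.append("symlink -> " + os.readlink(path))
    digest = ""
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
    return Finding(path, digest, st.st_uid, oct(stat.S_IMODE(st.st_mode)), reasons)


def inventory(dirs) -> list:
    """Walk the generator directories that exist and return one Finding per entry."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            findings.append(inspect_generator(os.path.join(d, name), d))
    return findings


def build_sample_tree() -> str:
    """Constructed sample: a throwaway directory standing in for /etc/systemd/system-generators
    holding one dropped-in shell script, so the checks can be exercised offline."""
    gen_dir = os.path.join(tempfile.mkdtemp(), "etc", "systemd", "system-generators")
    os.makedirs(gen_dir)
    path = os.path.join(gen_dir, "zz-constructed-sample")
    with open(path, "w") as fh:
        fh.write('#!/bin/sh\n# constructed sample generator; a real one writes units into "$1"\n')
    os.chmod(path, 0o755)
    return gen_dir


if __name__ == "__main__":
    # Real search path first, then the constructed sample so the output always shows one REVIEW line.
    for f in inventory(SYSTEM_GENERATOR_DIRS + USER_GENERATOR_DIRS + [build_sample_tree()]):
        flag = "REVIEW" if f.reasons else "ok"
        print(f"{flag:6} {f.mode} uid={f.uid} {f.sha256[:16]} {f.path} {'; '.join(f.reasons)}")
```

Run it as root to see the real directories; the hashes can then be compared against package manifests, and any entry with a reason attached is the one to open and read, since a generator runs very early at boot with no unit-level restrictions.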
* To browse or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account Tencent Xuanwu Lab (腾讯玄武实验室): Daily Security News Digest (02-09)