每日安全动态推送(06-09)

Tencent Security Xuanwu Lab Daily News

• Zero Day Initiative — CVE-2022-26937: Microsoft Windows Network File System NLM Portmap Stack Buffer Overflow:
https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow

   ・ Windows 网络文件系统 NLM Portmap 栈溢出漏洞分析（CVE-2022-26937） – Jett

• Router security in 2021:
https://securelist.com/router-security-2021/106711/

   ・ 卡巴斯基对 2021 年路由器安全现状的分析报告 – Jett

• uprobe HOOK:
https://github.com/ehids/ecapture

   ・ eCapture – 基于 eBPF 技术实现 TLS 加密的明文捕获 – Jett

• Extracting Clear-Text Credentials Directly From Chromium’s Memory:
https://www.cyberark.com/resources/threat-research-blog/extracting-clear-text-credentials-directly-from-chromium-s-memory

   ・ 在 Chromium 浏览器的内存 Dump 中提取输入的明文密码 – Jett

• Detecting DNS Tunneling using Spark Structured Streaming | by Salil Jain | Jun, 2022 | InfoSec Write-ups:
https://infosecwriteups.com/detecting-dns-tunneling-using-spark-structured-streaming-c7e2b6af0349

   ・ Detecting DNS Tunneling using Spark Structured Streaming – Jett

• [Tools] GitHub – quarkslab/tpmee:
https://github.com/quarkslab/tpmee

   ・ TPMEavesEmu – 通过模拟的方法辅助测试 TPM 实现安全的工具 – Jett

• SpringBoot Actuator之 logging.config grovvy rce分析及内存马注入:
https://tttang.com/archive/1620/

   ・ SpringBoot Actuator之 logging.config grovvy rce分析及内存马注入 – lanying37

• Kernel Recipes 2022:
https://youtu.be/v–rVT4RsCE?t=17119

   ・ Kernel Recipes 2022线上会议演讲视频 – lanying37

• Using Windows Event Log IDs for Threat Hunting – FourCore:
https://fourcore.io/blogs/threat-hunting-with-windows-event-log-sigma-rules

   ・ 基于 Windows 内置 Event Log 的威胁检测 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(06-09)