Tencent Security Xuanwu Lab Daily News
• Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190 – Cymulate:
https://cymulate.com/blog/cve-2022-30190-2/
・ 利用 RTF 文档嵌入 Follina CVE-2022-30190 Exploit
– Jett
• [Tools] Simple tracing with hooked “read” syscall and dynamic loading:
https://github.com/FrenchYeti/interruptor
・ interruptor – 对 Frida Stalker 封装,提供更加易用的 Hook 库
– Jett
• [Tools] README.md:
https://github.com/Yamato-Security/hayabusa
・ Hayabusa – 基于 Windows Event Log 的快速取证 Timeline 分析工具
– Jett
• Embedding Payloads and Bypassing Controls in Microsoft InfoPath:
https://spaceraccoon.dev/embedding-payloads-bypassing-controls-microsoft-infopath/
・ Embedding Payloads and Bypassing Controls in Microsoft InfoPath
– Jett
• [PDF] https://arxiv.org/pdf/2205.06114.pdf:
https://arxiv.org/pdf/2205.06114.pdf
・ Evil Never Sleeps,iPhone 关机后仍然在运行的恶意代码(Paper)
– Jett
• [Machine Learning] Attacking the Performance of Machine Learning Systems:
https://www.schneier.com/blog/archives/2022/06/attacking-the-performance-of-machine-learning-systems.html
・ Attacking the Performance of Machine Learning Systems
– Jett
• Project Zero:
https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html
・ Project Zero 对 iOS CVE-2021-30983 野外利用样本及漏洞利用过程的分析
– Jett
• [Tools] What is Sigma:
https://github.com/SigmaHQ/sigma
・ Sigma – 用于 SIEM 系统通用地描述事件日志的开放格式
– Jett
• CVE-2022-23222漏洞及利用分析:
https://tttang.com/archive/1628/
・ CVE-2022-23222漏洞及利用分析
– lanying37
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(06-24)
