Tencent Security Xuanwu Lab Daily News
• A brand-new kind of memory shell:
https://veo.pub/2022/memshell/
・ A brand-new kind of memory shell (memory-resident webshell)
– lanying37
• How to launch?:
https://github.com/citronneur/pamspy
・ pamspy – dumps Linux authentication credentials using eBPF
– Jett
• Account hijacking using “dirty dancing” in sign-in OAuth-flows – Detectify Labs:
https://labs.detectify.com/2022/07/06/account-hijacking-using-dirty-dancing-in-sign-in-oauth-flows/
・ Account hijacking using “dirty dancing” in sign-in OAuth-flows
– Jett
• GitHub – mandiant/route-sixty-sink: Link sources to sinks in C# applications.:
https://github.com/mandiant/route-sixty-sink
・ Uses taint analysis to detect vulnerabilities at the .NET assembly level
– Jett
• Apple expands industry-leading commitment to protect users from highly targeted mercenary spyware:
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
・ Apple plans to ship Lockdown Mode for iOS, iPadOS and macOS this fall; once enabled it drastically reduces the attack surface to counter targeted APT attacks
– Jett
• What can I do to prevent this in the future?:
https://www.mandiant.com/resources/fuzzing-image-parsing-windows-part-four
・ Fuzzing the Windows HEIF image-processing library
– Jett
• Dynamic analysis of firmware components in IoT devices:
https://securelist.com/dynamic-analysis-of-firmware-components-in-iot-devices/106901/
・ A dynamic-analysis approach for firmware components in IoT devices
– Jett
• talks/F-Secure/unorthodox-lateral-movement.pdf:
https://github.com/RiccardoAncarani/talks/blob/master/F-Secure/unorthodox-lateral-movement.pdf
・ Lateral movement in penetration testing based on RPC and DCOM
– Jett
• The Poor Man’s Obfuscator:
https://www.romainthomas.fr/publication/22-pst-the-poor-mans-obfuscator/
・ A code-obfuscation tool built on LIEF
– Jett
* To view or search past issues, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (07-07)