Tencent Security Xuanwu Lab Daily News
• CobaltStrike Malleable PE:
https://tttang.com/archive/1662/
・ CobaltStrike Malleable PE
– lanying37
• Access Checking Active Directory:
https://www.tiraniddo.dev/2022/07/access-checking-active-directory.html
・ James Forshaw's analysis of how Active Directory access control is implemented
– Jett
• Exploiting Android Vulnerabilities with Malicious Third-Party Apps (featuring Oversecured APK) | by Felix Alexander | Jul, 2022 | Medium:
https://medium.com/@as3ng/exploiting-android-vulnerabilities-with-malicious-third-party-apps-featuring-oversecured-apk-adea3241ce49
・ A study of exploiting vulnerabilities in third-party Android apps, using the OVAA app as the example
– Jett
• GitHub – dashingsoft/pyarmor: A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.:
https://github.com/dashingsoft/pyarmor
・ PyArmor – a Python script obfuscation tool
– Jett
• Mantis – the most powerful botnet to date:
https://blog.cloudflare.com/mantis-botnet/
・ Cloudflare's analysis of the Mantis botnet and its 26 million requests per second
– Jett
• Build your first LLVM Obfuscator:
https://polarply.medium.com/build-your-first-llvm-obfuscator-80d16583392b
・ Build your first LLVM Obfuscator
– Jett
• [Windows] Genesis – The Birth Of A Windows Process (Part 2):
https://fourcore.io/blogs/how-a-windows-process-is-created-part-2
・ The Birth Of A Windows Process (Part 2)
– lanying37
• Implementing JARM fingerprint obfuscation and randomization:
https://paper.seebug.org/1934/
・ Implementing JARM fingerprint obfuscation and randomization
– Jett
• AMSI Bypass – Memory Patching – aidenpearce369:
https://aidenpearce369.github.io/offsec/AMSI-Memory-Bypass/
・ Analysis of how AMSI, the malware detection interface, is implemented
– Jett
• ptmalloc cheatsheet – evilpan:
https://evilpan.com/2022/07/17/ptmalloc-notes/
・ ptmalloc cheatsheet
– Jett
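* To view or search past issues, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News (07-18)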