Tencent Security Xuanwu Lab Daily News
• Analysis and implementation of how psexec works:
https://tttang.com/archive/1710/
・ Analysis and implementation of how psexec works
– lanying37
• Magnifier: An Experiment with Interactive Decompilation:
https://blog.trailofbits.com/2022/08/25/magnifier-an-experiment-with-interactive-decompilation/
・ Magnifier – an interactive decompilation tool
– Jett
• Announcing the Open Sourcing of Paranoid’s Library:
http://security.googleblog.com/2022/08/announcing-open-sourcing-of-paranoids.html
・ Paranoid – a library for detecting known vulnerabilities in the cryptographic and signature components used by a project
– Jett
• Windows System Calls For Hunters:
https://marcoramilli.com/2022/08/23/windows-system-calls-for-hunters/
・ Threat detection based on Windows system call traces
– Jett
• The truth behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking:
https://paper.seebug.org/1948/
・ The truth behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking
– lanying37
• Bypassing AppLocker by abusing HashInfo:
https://shells.systems/post-bypassing-applocker-by-abusing-hashinfo/
・ Bypassing AppLocker by abusing HashInfo
– Jett
• [Tools] 0xrawsec/whids:
https://github.com/0xrawsec/whids
・ An open-source EDR developed for Windows
– Jett
• 2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications – Binary Golf Grand Prix 3 – IT Security Research by Pierre:
https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
・ Multiple vulnerabilities found in FreeBSD-telnetd, NetBSD-telnetd and related components
– Jett
• A method for using PHP-FPM to implement an in-memory webshell:
https://tttang.com/archive/1720/
・ A method for using PHP-FPM to implement an in-memory webshell
– lanying37
• Root Cause of Windows Dirty Pipe:
http://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe
・ Analysis of Windows Dirty Pipe (CVE-2022-22715), a sandbox escape vulnerability in the named pipe driver
– Jett
• But You Told Me You Were Safe: Attacking the Mozilla Firefox Sandbox (Part 2):
https://www.zerodayinitiative.com/blog/2022/8/23/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-2
・ Pwn2Own entry that uses a second Prototype Pollution to escape the renderer process
– Jett
• [PDF] Erybody Gettin TIPC - Demystifying Remote Linux Kernel Exploitation - Sam Page:
https://conference.hitb.org/hitbsecconf2022sin/materials/D1T1%20-%20Erybody%20Gettin%20TIPC%20-%20Demystifying%20Remote%20Linux%20Kernel%20Exploitation%20-%20Sam%20Page.pdf
・ Methods and techniques for remote Linux kernel exploitation, from the HITB conference
– Jett
• [Linux] The linux kernel modules programming:
https://0x00sec.org/t/the-linux-kernel-modules-programming/30639
・ A tutorial on Linux kernel module programming
– lanying37
• Ghidrathon: Snaking Ghidra with Python 3 Scripting:
https://www.mandiant.com/resources/blog/ghidrathon-snaking-ghidra-python-3-scripting
・ Ghidrathon – adds Python 3 scripting support to Ghidra
– Jett
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat public account (Tencent Xuanwu Lab): Daily Security Digest (08-26)