Tencent Security Xuanwu Lab Daily News
• CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM:
https://rhinosecuritylabs.com/research/cve-2022-26113-forticlient-arbitrary-file-write-as-system/
・ Analysis of a SYSTEM-privilege arbitrary file write vulnerability in the FortiClient VPN client (CVE-2022-26113)
– Jett
• [Tools, Windows] hfiref0x/KDU:
https://github.com/hfiref0x/KDU
・ KDU – uses vulnerable drivers extracted from normal, legitimate software to achieve kernel-level arbitrary memory read/write, and from there disables kernel protections, hijacks processes, and more
– Jett
• ModernLoader delivers multiple stealers, cryptominers and RATs:
https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html
・ Talos's analysis of the ModernLoader RAT remote access tool
– Jett
• MATE: Interactive Program Analysis with Code Property Graphs:
https://galois.com/blog/2022/08/mate-interactive-program-analysis-with-code-property-graphs/
・ MATE – an interactive program analysis toolset for finding vulnerabilities in C/C++ code based on Code Property Graphs (CPG)
– Jett
• Sleeping With Control Flow Guard:
https://icebreaker.team/blogs/sleeping-with-control-flow-guard/
・ Disabling Control Flow Guard via direct SYSCALL invocation to evade detection by endpoint protection software
– Jett
• UAC Principles and Detection:
https://tttang.com/archive/1715/
・ UAC principles and detection
– lanying37
• SDR nfc-laboratory v2.0:
https://github.com/josevcm/nfc-laboratory
・ An SDR-based tool for analyzing NFC protocols
– Jett
• Bootkitting Windows Sandbox:
https://secret.club/2022/08/29/bootkitting-windows-sandbox.html
・ Bootkitting Windows Sandbox
– Jett
• Announcing Google’s Open Source Software Vulnerability Rewards Program:
http://security.googleblog.com/2023/08/Announcing-Googles-Open-Source-Software-Vulnerability-Rewards-Program.html
・ Google launches a vulnerability rewards program for the open-source projects to which it is a major contributor
– Jett
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (08-31)