每日安全动态推送(09-23)

Tencent Security Xuanwu Lab Daily News

• [Tools] requests-ip-rotator:
https://github.com/Ge0rg3/requests-ip-rotator

   ・ 利用 AWS API Gateway 的大 IP 池构建代理解决 IP 限制的问题 – Jett

• Raspberry Robin’s Roshtyak: A Little Lesson in Trickery:
https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/

   ・ 以 Roshtyak 后门为例介绍恶意软件的自保护、杀软逃逸技巧 – Jett

• [Forensics] How to Detect and Prevent impacket’s Wmiexec | CrowdStrike:
https://www.crowdstrike.com/blog/how-to-detect-and-prevent-impackets-wmiexec/

   ・ Impacket Wmiexec 远程命令执行模块的用法以及防御检测方案 – Jett

• Azure Attack Paths:
https://cloudbrothers.info/azure-attack-paths/

   ・ Microsoft Azure 云环境的攻击路径分析 – Jett

• erlang-distribution-protocol 安全问题研究:
https://paper.seebug.org/1978/

   ・ erlang-distribution-protocol 安全问题研究 – lanying37

• [Tools] Quokka: A Fast and Accurate Binary Exporter:
http://blog.quarkslab.com/quokka-a-fast-and-accurate-binary-exporter.html

   ・ Quokka – Quarkslab 开源的二进制文件 Exporter – Jett

• PPL:
https://tttang.com/archive/1743/

   ・ PPL利用 – lanying37

• x86matthew – Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286):
https://www.x86matthew.com/view_post?id=windows_seagate_lpe

   ・ 利用希捷在 Windows 系统安装的媒体同步服务的漏洞实现 SYSTEM 提权 – Jett

• [Tools] Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite:
https://research.nccgroup.com/2022/09/22/tool-release-project-kubescout-adding-kubernetes-support-to-scout-suite/

   ・ 云安全审计工具 Scout Suite 开始支持对 Kubernetes clusters 的扫描 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号： 腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(09-23)