每日安全动态推送(12-12)

• Exploiting CVE-2022-42703 – Bringing back the stack attack:
https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html

   ・ 本文介绍了一种基于栈的内核利用方法，有内核任意地址写能力的攻击者可以利用该方法直接完成内核利用。具体地，该文章：1. 介绍了一种利用cpu_entry_area构造内核地址读写的方法，cpu_entry_area是内核处理DB异常所用的栈，它在内核内存中是处于固定位置，因此可以直接绕过KASLR。作者向Linux内核团队建议了将cpu_entry_area地址随机化修复方法，这样可以有效的阻止remote kernel attack；2.介绍了用prefetch绕过推算cpu_entry_area的方法，指出就算cpu_entry_area随机化了也挡不住local kernel attack。 – Atum

• [Tools] Using OpenAI Chat to Generate Phishing Campaigns:
https://www.richardosgood.com/posts/using-openai-chat-for-phishing/

   ・ 利用ChatGPT生成邮件，虚假的登陆界面来进行钓鱼 – ArisXu

• [Attack] 疑似APT-C-56（透明部落）针对恐怖主义的攻击活动分析:
https://mp.weixin.qq.com/s/J_A12SOX0k5TOYFAegBv_w

   ・ 疑似APT-C-56（透明部落）针对恐怖主义的攻击活动分析 – crazyman

• [Attack] 针对巴以地区围绕卡塔尔世界杯的攻击活动:
https://mp.weixin.qq.com/s/48Atw1b6Oe7A-vlsKHYWwg

   ・ 针对巴以地区围绕卡塔尔世界杯的攻击活动 – crazyman

• [CVE-2022-21225] Intel Data Center Manager Console <= 4.1 “getRoomRackData” Authenticated (Guest+) SQL Injection:
https://seclists.org/fulldisclosure/2022/Dec/1

   ・ Intel数据中心管理控制台存在SQL注入漏洞，漏洞POC已公开 – xmzyshypnc

• GitHub – projectdiscovery/fuzzing-templates: Community curated list of nuclei templates for finding unknown security vulnerabilities.:
https://github.com/projectdiscovery/fuzzing-templates

   ・ 社区整理的nuclei扫描器fuzz模版 – keenan

• [Attack] APT Cloud Atlas: Unbroken Threat:
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/

   ・ pt安全披露CloudAtlas APT组织近期活动的总结以及其样本的攻击流程 – crazyman

• [Tools] Nosey Parker: Find secrets in textual data:
https://github.com/praetorian-inc/noseyparker

   ・ 一款扫描文本数据中的敏感信息的工具，可用于扫描开源项目寻找是否包含secret key在内的敏感信息泄露 – ArisXu

• GitHub – klezVirus/SilentMoonwalk: PoC Implementation of a TRUE call stack spoofer : netsec:
https://www.reddit.com/r/netsec/comments/zfuorh/github_klezvirussilentmoonwalk_poc_implementation/

   ・ SilentMoonwalk:调用windows API时欺骗堆栈,可以干扰hook API获取调用栈来进行进一步判断的工具 – crazyman

• Exploit collection for some Service DCOM Object local privilege escalation vulnerability(by SeImpersonatePrivilege abuse):
https://github.com/zcgonvh/DCOMPotato

   ・ Service DCOM Object本地权限提升漏洞的利用集合（通过SeImpersonatePrivilege滥用） – crazyman

• [Web] {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF:
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf

   ・ 借助JSON绕过WAF进行SQL注入的技巧 – keenan

• [IoT] Hacking the Furbo Dog Camera: Part III Fun with Firmware — Somerset Recon:
https://www.somersetrecon.com/blog/2022/hacking-the-furbo-dog-camera-part-iii

   ・ Furbo狗相机固件更新MitM漏洞：作者详细描述了从UART连接到发现漏洞并证实的过程 – WireFish

• Race condition in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328):
https://seclists.org/fulldisclosure/2022/Dec/4

   ・ Snapd 条件竞争漏洞(CVE-2022-3328)细节，可导致本地提权。 – P4nda

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(12-12)