Tencent Security Xuanwu Lab Daily News
• [Vulnerability] Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities:
https://research.trendmicro.com/3jeV5gZ
・ How three new SIP-bypass vulnerabilities were found starting from one historical vulnerability.
– P4nda
• [macOS] A Technical Analysis of CVE-2022-22583 and CVE-2022-32800:
https://research.trendmicro.com/3hFfivW
・ Analysis of two macOS SIP bypass vulnerabilities
– Atum
• Naughty List Challenge Write-Up – X-MAS CTF:
https://voidsec.com/naughty-list-challenge-write-up-x-mas-ctf/
・ Naughty List Challenge Write-Up – X-MAS CTF
– crazyman
• hexacon2022_AppleAVD/hexacon2022_AppleAVD.pdf:
https://github.com/isciurus/hexacon2022_AppleAVD/blob/main/hexacon2022_AppleAVD.pdf
・ Hexacon talk on reverse engineering AppleAVD and finding its attack surface
– crazyman
• [Windows] Critical Microsoft Code-Execution Vulnerability:
https://www.schneier.com/blog/archives/2022/12/critical-microsoft-code-execution-vulnerability.html
・ Microsoft patched a critical vulnerability that allows unauthenticated remote code execution; its severity is comparable to EternalBlue
– WireFish
• [Malware] [PDF] https://www.prodaft.com/m/reports/FIN7_TLPCLEAR.pdf:
https://www.prodaft.com/m/reports/FIN7_TLPCLEAR.pdf
・ In-depth analysis of the FIN7 group
– crazyman
• [Reverse Engineering] Reverse Engineering Tiktok’s VM Obfuscation (Part 1):
https://nullpt.rs/reverse-engineering-tiktok-vm-1
・ Part 1 of reverse engineering TikTok's VM obfuscation; it can be used to analyze how TikTok collects and uses user data, and it is also a key step in bypassing TikTok's bot detection; written in considerable detail
– ArisXu
• [Tools] The 2022 curl security audit | daniel.haxx.se:
https://daniel.haxx.se/blog/2022/12/21/the-2022-curl-security-audit/
・ Two curl security vulnerabilities and some other issues
– Atum
• [Windows] Introduction to the Windows Filtering Platform:
http://scorpiosoftware.net/2022/12/25/introduction-to-the-windows-filtering-platform/
・ An introduction to WFP
– crazyman
• Threat Brief: OWASSRF Vulnerability Exploitation:
https://bit.ly/3WnFbQe
・ Unit 42 published details of OWASSRF exploitation and an analysis of the follow-on attack activity
– crazyman
• [Tools] IPyIDA – a better console for IDA Pro using IPython and Jupyter Notebook:
https://hex-rays.com/blog/plugin-focus-ipyida/
・ An IDA plugin that integrates Jupyter's IPython console into IDA Pro, improving the experience of IDA scripting
– Atum
• [Browser, CTF] KITCTFCTF 2022 V8 Heap Sandbox Escape:
https://ju256.de/posts/kitctfctf22-date/
・ Writeup of a KITCTF 2022 challenge that escapes the V8 heap sandbox via JIT
– crazyman
• [Network] New Zerobot Malware Exploiting Apache Vulnerabilities to Launch DDoS Attack:
https://cybersecuritynews.com/zerobot-malware/
・ Zerobot is being deployed using a new method (Apache n-day vulnerabilities)
– crazyman
• EvilWfshbr:
https://github.com/kkent030315/CVE-2022-42046
・ CVE-2022-42046: PoC for local privilege escalation in wfshbr64.sys, which allows any user to manipulate EPROCESS to escalate privileges
– crazyman
• Texas Cyber Summit 2022: Windows built-in Sandbox Disables Microsoft Defender and other EDR/AV:
https://youtu.be/NGrSPuC7xr0
・ Texas Cyber Summit 2022 talk: disabling Microsoft Defender and other EDR/AV via the Windows built-in sandbox
– crazyman
• Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service:
https://blog.talosintelligence.com/vulnerability-spotlight-openimageio-file-processing-issues-could-lead-to-arbitrary-code-execution-sensitive-information-leak-and-denial-of-service/
・ Multiple vulnerabilities were found in the image-processing library OpenImageIO; they appear to be mostly memory-corruption bugs
– Atum
• CVE-2022-40309:
https://xz.aliyun.com/t/11979
・ Apache Archiva arbitrary directory deletion / arbitrary file read
– ThomasonZhao
• StealthHook – A Method for Hooking Functions Without Modifying Memory Protection:
https://paper.seebug.org/2035/
・ A hooking method that works by modifying the return address on the stack of a callee (sub-)function
– xmzyshypnc
* To view or search past news pushes, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (12-26)