Tencent Security Xuanwu Lab Daily News
• [Malware] GuLoader Malware Utilizing New Techniques to Evade Security Software:
https://thehackernews.com/2022/12/guloader-malware-utilizing-new.html
・ GuLoader malware implements a large number of anti-analysis and anti-debugging features, including the use of hardware breakpoints to unhook the hooks inside NTDLL
– andreszeng
• [Linux] Critical Linux Kernel Vulnerability Let Attackers Execute Remote Code:
https://gbhackers.com/critical-linux-kernel-vulnerability/
・ Linux kernel ksmbd UAF RCE vulnerability, ZDI-22-1690, CVSS score: 10.0, critical severity
– ThomasonZhao
• [iOS] Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3):
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html?m=1
・ Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3)
– lanying37
• advisories/2022_netcomm_nf20mesh_unauth_rce.md at main · scarvell/advisories:
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md
・ Netcomm – unauthenticated remote code execution
– crazyman
• [CTF] HKCERT CTF 2022 Postmortem (I): Easier Crypto Challenges:
https://mystiz.hk/posts/2022/2022-12-24-hkcert-ctf-1/
・ HKCERT CTF challenge official writeup by Mystiz, part 1
– crazyman
• [Windows] Pass-the-Challenge: Defeating Windows Defender Credential Guard:
https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
・ How to obtain NTLM hashes while Windows Defender Credential Guard protection is enabled. The method mainly works by controlling the ALPC communication channel of the LSASS process to talk to the LSAIso process, then exploiting a cryptographic weakness to crack the NTLM hash.
– P4nda
• [macOS] GitHub – jhftss/POC: A public collection of POCs & Exploits for the vulnerabilities I discovered:
https://github.com/jhftss/POC
・ A public collection of POCs & Exploits (MacOS)
– ThomasonZhao
• CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange:
https://kas.pr/9tqa
・ Exploitation details of the CVE-2022-41040 and CVE-2022-41082 MS Exchange RCE vulnerabilities
– ThomasonZhao
• Data exfiltration using a COVID-bit attack:
https://kas.pr/xio8
・ Stealing data from an air-gapped machine by turning the CPU's power supply circuitry into a transmitter.
– Atum
* To view or search past pushes, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (12-28)