Tencent Security Xuanwu Lab Daily News
• [CTF write up] Tet CTF 2023 – mailService : Logical bug & Mem corruption PWN:
https://uz56764.tistory.com/82
・ TetCTF 2023 Pwn-mailService unintended-solution writeup
– crazyman
• InkySquid: The Missing Arsenal:
https://www.sentinelone.com/labs/labscon-replay-inkysquid-the-missing-arsenal/
・ LABScon talk, InkySquid: The Missing Arsenal, disclosing APT37's macOS RoKRAT activity
– crazyman
• [Web] PoC Code for NodeBB Account Takeover Flaw (CVE-2022-46164) Published:
https://securityonline.info/poc-code-for-nodebb-account-takeover-flaw-cve-2022-46164-published/
・ CVE-2022-46164: account takeover via prototype pollution in NodeBB
– crazyman
• TetCTF 2023: Mailservice:
https://day91.me/pwn/2023/01/02/TetCTF-2023-Mailservice.html
・ TetCTF 2023 Pwn-Mailservice intended solution
– crazyman
• Attacking the DSP: Demystifying Qualcomm Hexagon:
https://vul.360.net/archives/645
・ Research on the attack surface of Qualcomm's Hexagon digital signal processor; the article covers vulnerabilities in open-source libraries used by applications, driver vulnerabilities, and fuzzing methods.
– P4nda
• [Linux] Exploiting CVE-2022-42703 – Bringing back the stack attack:
https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html?m=1
・ Project Zero's exploitation analysis of CVE-2022-42703, a UAF vulnerability in the Linux memory-management subsystem that can be turned into a stack overflow and ROP chain for privilege escalation
– xmzyshypnc
• [Reverse Engineering] r/ReverseEngineering – Reverse Engineering the DualShock 4:
https://www.reddit.com/r/ReverseEngineering/comments/10307x4/reverse_engineering_the_dualshock_4/
・ DualShock 4 reverse engineering, Part 1
– crazyman
• [Tools] Prototype Pollution in Python:
https://blog.abdulrah33m.com/prototype-pollution-in-python/
・ Class pollution in Python
– crazyman
• r/netsec – Escaping from bhyve:
https://www.reddit.com/r/netsec/comments/103hvsr/escaping_from_bhyve/
・ FreeBSD bhyve VM escape; the article shows how a two-byte stack overflow was leveraged to escape the virtual machine
– ArisXu
• Navigating the Vast Ocean of Sandbox Evasions:
https://bit.ly/3hUZu8x
・ Navigating the Vast Ocean of Sandbox Evasions, on detecting sandbox evasion
– crazyman
• [Tools] iCDump: A Modern Objective-C Class Dump | Romain Thomas:
https://www.romainthomas.fr/post/23-01-icdump/
・ Yet another Objective-C class dump tool
– Atum
• Fun and Games with Intel AMT:
https://nstarke.github.io/intel/amt/2023/01/04/fun-and-games-with-intel-amt.html
・ Using Intel AMT for an "admin-to-admin" attack: when a system has multiple admin accounts, admin A can perform privileged operations under the identity of admin B.
– WireFish
• Bounty Hunter: IChunQiu Cloud Range - Spoofing Writeup:
https://mp.weixin.qq.com/s/wlnXFIoTbbi4V0p1TQPDrg
・ IChunQiu Cloud Range - Spoofing Writeup
– crazyman
• TetCTF2023&Liferay(CVE-2019-16891)(Pre-Auth RCE):
https://y4tacker.github.io/2023/01/03/year/2023/TetCTF2023-Liferay-CVE-2019-16891-Pre-Auth-RCE/
・ Writeup for the TetCTF web challenges Image Services Viewer && Admin Lairay Old School
– crazyman
• [Malware] BlindEagle Targeting Ecuador With Sharpened Tools – Check Point Research:
https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/
・ APT-C-36 (BlindEagle) campaign targeting Ecuador with a new infection chain
– crazyman
• [Malware] In-depth Analysis of the PyTorch Dependency Confusion Administered Malware:
https://blog.aquasec.com/pytorch-dependency-confusion-administered-malware
・ In-depth analysis of the malware delivered through the PyTorch supply-chain attack
– crazyman
• [Vulnerability] CVE-2022-43396 & CVE-2022-44621: Command injection in Apache Kylin:
https://securityonline.info/cve-2022-43396-cve-2022-44621-command-injection-in-apache-kylin/
・ Command injection vulnerabilities in the big-data analytics platform Apache Kylin
– Atum
• [Windows, Tools] SoftICE-like kernel debugger for Windows 11 : ReverseEngineering:
https://www.reddit.com/r/ReverseEngineering/comments/103apmm/softicelike_kernel_debugger_for_windows_11/
・ BugChecker: a SoftICE-like kernel debugger for Windows 11 (and Windows XP)
– crazyman
• [Tools] GitHub – romainthomas/iCDump: A modern Objective-C class dump based on LIEF and LLVM.:
https://github.com/romainthomas/iCDump
・ A tool based on LIEF and LLVM for analyzing class members in Objective-C binaries.
– P4nda
• Cacti: Unauthenticated Remote Code Execution | Sonar:
https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/
・ Unauthenticated RCE vulnerability in Cacti
– crazyman
• TetCTF 2023 – Game:
https://mochinishimiya.github.io/posts/tetctf2023/
・ TetCTF 2023 Pwn - Game writeup
– crazyman
• DeTT&CT: Automate your detection coverage with dettectinator:
https://wp.me/p84lDr-3zo
・ DeTT&CT: Automate your detection coverage with dettectinator
– crazyman
• CVE-2022-25026, CVE-2022-25027: Rocket TRUfusion Enterprise:
https://labs.nettitude.com/blog/cve-2022-25026-cve-2022-25027-vulnerabilities-in-rocket-trufusion-enterprise/
・ CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise
– crazyman
* To view or search past daily pushes, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (1-6)