Tencent Security Xuanwu Lab Daily News
• www.mandiant.com:
https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
・ Turla used the KOPILUWAK reconnaissance utility and the QUIETCANARY backdoor against targets in Ukraine
– crazyman
• [Malware] Introduction:
https://github.com/elttam/publications/blob/master/writeups/CVE-2022-47629.md
・ CVE-2022-47629: analysis of a variant of CVE-2022-3515, a vulnerability affecting libksba
– crazyman
• Extending Source Code Pre-Trained Language Models to Summarise Decompiled Binaries:
https://arxiv.org/abs/2301.01701
・ Using language models to automatically summarise decompiled code
– Atum
• Putting ELF on the shelf…:
https://www.hexacorn.com/blog/2023/01/03/putting-elf-on-the-shelf/
・ Putting ELF on the shelf
– lanying37
• 2390 – project-zero – Project Zero – Monorail:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2390
・ Details and a PoC for a use-after-free in the Linux videobuf2 subsystem
– P4nda
• [Web] numanturle/CVE-2022-44877:
https://github.com/numanturle/CVE-2022-44877
・ CVE-2022-44877: unauthenticated remote code execution in CentOS Web Panel 7
– crazyman
• [Malware] Unraveling the techniques of Mac ransomware:
https://www.microsoft.com/en-us/security/blog/2023/01/05/unraveling-the-techniques-of-mac-ransomware/
・ Microsoft Security Threat Intelligence publishes a technical analysis of macOS ransomware
– crazyman
• The OWASSRF + TabShell exploit chain:
https://blog.viettelcybersecurity.com/tabshell-owassrf/
・ The OWASSRF + TabShell exploit chain
– crazyman
• Orcus RAT being distributed disguised as a crack for the Hangul word processor:
https://asec.ahnlab.com/ko/45153/
・ AhnLab's ASEC team analysed Orcus RAT, which is being distributed on webhard platforms disguised as a cracked copy of the Korean Hangul word processor
– crazyman
• [Tools] NTLMRecon: identify commonly accessible NTLM authentication endpoints:
https://securityonline.info/ntlmrecon-identify-commonly-accessible-ntlm-authentication-endpoints/
・ Go version of NTLMRecon, which scans a target web server and identifies the endpoints that support NTLM authentication
– WireFish
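The check that an NTLM endpoint scanner performs, shown here as an added example (this is not NTLMRecon's own code): send an NTLM Type 1 (NEGOTIATE) message in an Authorization header and, if the server answers 401 with an NTLM token in WWW-Authenticate, decode that Type 2 (CHALLENGE) message. The challenge is returned before any credential is supplied and carries the server's NetBIOS/DNS names and OS build in its TargetInfo and Version fields, which is why such endpoints are worth inventorying. The sample challenge, its host names (CORP, DC01, corp.example) and its build number are constructed for this example, not captured from a real host.

```python
import base64
import struct
import urllib.error
import urllib.request
from typing import Dict, Optional

NTLMSSP = b"NTLMSSP\x00"
# NegotiateFlags bits used here (MS-NLMP 2.2.2.5)
NEGOTIATE_UNICODE = 0x00000001
REQUEST_TARGET = 0x00000004
NEGOTIATE_NTLM = 0x00000200
TARGET_TYPE_DOMAIN = 0x00010000
NEGOTIATE_TARGET_INFO = 0x00800000
NEGOTIATE_VERSION = 0x02000000
# Type 1 flags: UNICODE|OEM|REQUEST_TARGET|NTLM|ALWAYS_SIGN|EXTENDED_SESSIONSECURITY
TYPE1_FLAGS = 0x00088207
# AV_PAIR ids inside TargetInfo (MS-NLMP 2.2.2.1)
AV_NAMES = {1: "netbios_computer", 2: "netbios_domain", 3: "dns_computer",
            4: "dns_domain", 5: "dns_tree", 7: "timestamp"}


def build_type1() -> bytes:
    """Minimal 32-byte NEGOTIATE_MESSAGE; domain and workstation fields left empty."""
    return (NTLMSSP + struct.pack("<II", 1, TYPE1_FLAGS)
            + struct.pack("<HHI", 0, 0, 32)    # DomainNameFields: len, maxlen, offset
            + struct.pack("<HHI", 0, 0, 32))   # WorkstationFields


def parse_type2(blob: bytes) -> Dict[str, object]:
    """Decode a CHALLENGE_MESSAGE: target name, server challenge, version, AV pairs."""
    if len(blob) < 48 or blob[:8] != NTLMSSP:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    if msg_type != 2:
        raise ValueError(f"expected message type 2, got {msg_type}")
    tn_len, _, tn_off = struct.unpack_from("<HHI", blob, 12)
    (flags,) = struct.unpack_from("<I", blob, 20)
    ti_len, _, ti_off = struct.unpack_from("<HHI", blob, 40)
    if tn_off + tn_len > len(blob) or ti_off + ti_len > len(blob):
        raise ValueError("field offsets point outside the message")
    name = blob[tn_off:tn_off + tn_len]
    info: Dict[str, object] = {
        "flags": flags,
        "server_challenge": blob[24:32].hex(),
        "target_name": name.decode("utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"),
    }
    if flags & NEGOTIATE_VERSION and len(blob) >= 56:
        major, minor, build = struct.unpack_from("<BBH", blob, 48)
        info["os_version"] = f"{major}.{minor}.{build}"
    pos, end = ti_off, ti_off + ti_len
    while pos + 4 <= end:                      # walk AV_PAIRs until MsvAvEOL
        av_id, av_len = struct.unpack_from("<HH", blob, pos)
        pos += 4
        if av_id == 0 or pos + av_len > end:
            break
        value = blob[pos:pos + av_len]
        pos += av_len
        key = AV_NAMES.get(av_id)
        if key == "timestamp" and av_len == 8:
            info[key] = struct.unpack("<Q", value)[0]  # FILETIME
        elif key:
            info[key] = value.decode("utf-16-le", errors="replace")
    return info


def challenge_from_header(value: str) -> Optional[Dict[str, object]]:
    """Return the decoded Type 2 if a WWW-Authenticate value carries an NTLM token."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        return None
    try:
        return parse_type2(base64.b64decode(token))
    except (ValueError, struct.error):
        return None


def probe(url: str, timeout: float = 5.0) -> Optional[Dict[str, object]]:
    """Send the Type 1; an NTLM endpoint replies 401 with the Type 2 in WWW-Authenticate."""
    auth = "NTLM " + base64.b64encode(build_type1()).decode()
    req = urllib.request.Request(url, headers={"Authorization": auth})
    try:
        urllib.request.urlopen(req, timeout=timeout)
    except urllib.error.HTTPError as err:
        for value in err.headers.get_all("WWW-Authenticate") or []:
            info = challenge_from_header(value)
            if info:
                return info
    return None  # 2xx, or a 401 without an NTLM token: not an NTLM endpoint


def build_sample_type2() -> bytes:
    """Constructed challenge for offline use; names, challenge and build are made up."""
    def av(av_id: int, text: str) -> bytes:
        v = text.encode("utf-16-le")
        return struct.pack("<HH", av_id, len(v)) + v
    target = "CORP".encode("utf-16-le")
    target_info = (av(2, "CORP") + av(1, "DC01") + av(4, "corp.example")
                   + av(3, "dc01.corp.example")
                   + struct.pack("<HHQ", 7, 8, 0x01D9244A66F22B80)   # MsvAvTimestamp
                   + struct.pack("<HH", 0, 0))                        # MsvAvEOL
    flags = (NEGOTIATE_UNICODE | REQUEST_TARGET | NEGOTIATE_NTLM | TARGET_TYPE_DOMAIN
             | NEGOTIATE_TARGET_INFO | NEGOTIATE_VERSION)
    tn_off, ti_off = 56, 56 + len(target)
    return (NTLMSSP + struct.pack("<I", 2)
            + struct.pack("<HHI", len(target), len(target), tn_off)
            + struct.pack("<I", flags)
            + bytes.fromhex("0123456789abcdef")                 # ServerChallenge
            + b"\x00" * 8                                       # Reserved
            + struct.pack("<HHI", len(target_info), len(target_info), ti_off)
            + struct.pack("<BBH4B", 10, 0, 17763, 0, 0, 0, 15)  # Version 10.0.17763
            + target + target_info)


def sample_type2_header() -> str:
    return "NTLM " + base64.b64encode(build_sample_type2()).decode()
```

`probe("https://host/ews/")` returns the decoded challenge for an NTLM-enabled path and `None` otherwise; `challenge_from_header(sample_type2_header())` exercises the same decoder offline. Scanners of this kind simply run `probe` over a list of common paths (EWS, Autodiscover, RPC, OWA and similar) and report the hosts whose challenge decodes.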
• [Tools] PythonMemoryModule:
https://github.com/naksyn/PythonMemoryModule
・ A MemoryModule implementation in pure Python that loads a DLL from memory, for bypassing AV/EDR among other uses
– crazyman
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account of Tencent Xuanwu Lab: Daily Security Digest (1-9)