Tencent Security Xuanwu Lab Daily News
• [Tools] Installation:
https://github.com/mrphrazer/obfuscation_detection
・ Obfuscation Detection: a script/tool/Binary Ninja plugin for automatically detecting obfuscated code and state machines in binary files
– ThomasonZhao
• [Web] Vuln-Drive 2 – bi0sCTF22:
https://blog.bi0s.in/2023/01/24/Web/Vuln-Drive2-bi0sCTF222023/
・ Official writeup for the bi0sCTF 2022 web challenge Vuln-Drive 2
– crazyman
• Python prototype chain pollution variant (prototype-pollution-in-python):
https://tttang.com/archive/1876/
・ Python prototype chain pollution variant (prototype-pollution-in-python)
– crazyman
• CVE-2022-42475:
https://wzt.ac.cn/2022/12/15/CVE-2022-42475/
・ Patch-diff analysis of CVE-2022-42475, an RCE vulnerability in FortiGate SSL VPN; the root cause is an integer overflow in the 32->64 conversion
– xmzyshypnc
• Bypassing OGNL sandboxes for fun and charities:
https://github.blog/2023-01-27-bypassing-ognl-sandboxes-for-fun-and-charities/
・ Bypassing OGNL injection protections (including some special mechanisms used by Struts and Atlassian Confluence)
– crazyman
• [Windows] Introducing kernel sanitizers on Microsoft platforms:
http://www.microsoft.com/en-us/security/blog/2023/01/26/introducing-kernel-sanitizers-on-microsoft-platforms/
・ Microsoft introduces KASAN, SKASAN and HASAN (for Hyper-V) into the kernel
– xmzyshypnc
• [Malware] Chinese PlugX Malware Hidden in Your USB Devices?:
https://bit.ly/403goDc
・ A PlugX variant hiding on USB media
– crazyman
• PDFkit-CMD-Injection (CVE-2022-25765):
https://github.com/nikn0laty/PDFkit-CMD-Injection-CVE-2022-25765
・ Exploit for the pdfkit command execution vulnerability CVE-2022-25765
– xmzyshypnc
• PHP Development Server <= 7.4.21 – Remote Source Disclosure:
https://blog.projectdiscovery.io/php-http-server-source-disclosure/
・ Remote source code disclosure vulnerability in PHP Development Server <= 7.4.21
– crazyman
• [Tools] Malware Theory – How Packers Work, Polymorphism and Misconceptions:
https://youtu.be/ESLEf66EzDk
・ Malware Theory – How Packers Work, Polymorphism and Misconceptions
– lanying37
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat public account (Tencent Xuanwu Lab): Daily Security News Digest (2-2)