Daily Security News Digest (07-08)

admin Tencent Xuanwu Lab 2019-07-08
Tencent Security Xuanwu Lab Daily News


• [Defend] Endpoint Hunting in an AntiEDR World: 
https://mgreen27.github.io/projects/AntiEDRWorld/

   ・ Endpoint Hunting in an AntiEDR World - the contest between endpoint security products and attackers – Jett


• [PDF] https://objectivebythesea.com/v2/talks/OBTS_v2_Hill.pdf: 
https://objectivebythesea.com/v2/talks/OBTS_v2_Hill.pdf

   ・ Privilege escalation via Apple's PPP and CCL components; related code at https://github.com/posixninja/pppoccl – R3dF09


• [Fuzzing] Fuzzing File Systems via Two-Dimensional Input Space Exploration – Summary: 
https://r3xnation.wordpress.com/2019/07/06/fuzzing-file-systems-via-two-dimensional-input-space-exploration-summary/

   ・ JANUS: work that combines AFL and Syzkaller to fuzz file systems – LW


• [PDF] https://objectivebythesea.com/v2/talks/OBTS_v2_Fitzl.pdf: 
https://objectivebythesea.com/v2/talks/OBTS_v2_Fitzl.pdf

   ・ Gaining macOS root privileges through harmless App Store apps; see also https://objective-see.com/blog/blog_0x46.html – R3dF09


• [Tools] https://drive.google.com/file/d/1HwG6Ks_2dO0ut2plyPx1-svfNVKL1Mhu/view?usp=drivesdk: 
https://drive.google.com/file/d/1HwG6Ks_2dO0ut2plyPx1-svfNVKL1Mhu/view?usp=drivesdk

   ・ Introduces dwarf, a cross-platform debugger built on frida and qt, and walks through a cracking workflow against anti-debugging, obfuscation and packing. – 靓仔


• [Android] How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105: 
https://www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105?sf214690162=1

   ・ Stored XSS in the Outlook app client, and how its PoC was constructed – 靓仔


• Analysis of a use-after-unmap vulnerability in Edge: CVE-2019-0609: 
https://gts3.org/2019/cve-2019-0609.html

   ・ Georgia Tech SSLab's analysis of CVE-2019-0609, a use-after-unmap vulnerability in Edge – AI_FUZZ


• [Reverse Engineering, Tools] Ghidra Python Scripting - AZORult: 
http://rinseandrepeatanalysis.blogspot.com/2019/07/ghidra-python-scripting-azorult.html

   ・ Using Ghidra Python scripting to bulk-recover the function names of call sequences resolved through GetProcAddress – Jett


• [Windows, Tools] Automated AD and Windows test lab deployments with Invoke-ADLabDeployer: 
https://outflank.nl/blog/2018/03/30/automated-ad-and-windows-test-lab-deployments-with-invoke-adlabdeployer/

   ・ Using the Invoke-ADLabDeployer PowerShell script to automatically deploy a Windows AD test environment – Jett


• [CTF] [PDF] https://bit.ly/wctf2019-gtf: 
https://bit.ly/wctf2019-gtf

   ・ WCTF2019 writeup published by icchy of team TokyoWesterns – Jett


• IronPython, darkly: how we uncovered an attack on government entities in Europe: 
http://blog.ptsecurity.com/2019/07/ironpython-darkly-how-we-uncovered.html

   ・ Positive Technologies' analysis of a targeted attack against the Croatian government – Jett


* To view or search past digests, visit: 
https://sec.today

* Sina Weibo account: 腾讯玄武实验室 (Tencent Xuanwu Lab) 
https://weibo.com/xuanwulab

