Daily Security Digest (04-09)

Tencent Xuanwu Lab 2021-04-09 12:09
Tencent Security Xuanwu Lab Daily News

• Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation: 
https://arxiv.org/abs/2012.06658

   ・ Paper on using return-oriented programming as a program-obfuscation technique (ROP chains as the obfuscation primitive). – potato


• [CVE-2021-29154] Linux kernel incorrect computation of branch displacements in BPF JIT compiler can be abused to execute arbitrary code in Kernel mode: 
http://seclists.org/oss-sec/2021/q2/12

   ・ CVE-2021-29154: the Linux kernel's BPF JIT compiler miscomputes branch displacements; the bug can be abused for arbitrary code execution in kernel mode, i.e. local privilege escalation. – potato
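The advisory above fixes a bug inside the JIT, so the question for a defender is whether untrusted local users can even reach the JIT on a given host. The following POSIX sh check is an added example by this editor, not part of the oss-sec post or the kernel fix: it reads the standard sysctls `net/core/bpf_jit_enable` and `kernel/unprivileged_bpf_disabled` and classifies exposure. The mapping of those values to exposure is general BPF hardening knowledge, not something the advisory states, and the only real remediation is the patched kernel; the sysctl root directory is a parameter so the function can be run against a constructed tree.

```shell
#!/bin/sh
# Added example (editor's code, not from the advisory): classify whether the
# BPF JIT is reachable by unprivileged local users on this host.
#
# Assumptions (general kernel hardening knowledge, not stated by the advisory):
#   net/core/bpf_jit_enable      0 = interpreter only, 1 = JIT on (2 = JIT + debug dump)
#   kernel/unprivileged_bpf_disabled  0 = unprivileged bpf() allowed,
#                                     1 or 2 = unprivileged bpf() refused
# Even when unprivileged bpf() is refused, CAP_BPF/CAP_SYS_ADMIN holders still
# reach the JIT, so "not-exposed-to-unprivileged" is not "patched".

# Print the contents of a sysctl file, or "missing" if it cannot be read.
# $1 = sysctl root directory, $2 = path relative to that root.
read_sysctl() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    else
        echo missing
    fi
}

# Print a one-line verdict. The word before the first ':' is machine-readable:
#   exposed | not-exposed | not-exposed-to-unprivileged | unknown
# $1 = sysctl root directory (default /proc/sys; pass a constructed tree to test).
bpf_jit_verdict() {
    root="${1:-/proc/sys}"
    jit="$(read_sysctl "$root" net/core/bpf_jit_enable)"
    unpriv="$(read_sysctl "$root" kernel/unprivileged_bpf_disabled)"

    case "$jit" in
        0)   echo "not-exposed: bpf_jit_enable=0, BPF programs run in the interpreter"; return 0 ;;
        1|2) ;;
        *)   echo "unknown: cannot read net/core/bpf_jit_enable"; return 0 ;;
    esac

    case "$unpriv" in
        1|2) echo "not-exposed-to-unprivileged: unprivileged_bpf_disabled=$unpriv (privileged loaders still reach the JIT)" ;;
        0)   echo "exposed: JIT enabled and unprivileged bpf() allowed; patch the kernel" ;;
        *)   echo "unknown: cannot read kernel/unprivileged_bpf_disabled" ;;
    esac
}

# Wrapper with exit codes for use in scripts: 0 = not exposed to unprivileged
# users, 1 = exposed, 2 = could not determine.
check_bpf_jit_exposure() {
    v="$(bpf_jit_verdict "${1:-/proc/sys}")"
    echo "$v"
    case "${v%%:*}" in
        exposed) return 1 ;;
        unknown) return 2 ;;
        *)       return 0 ;;
    esac
}

# Run against the live host only when invoked as: sh check_bpf_jit.sh --run
if [ "${1:-}" = "--run" ]; then
    check_bpf_jit_exposure
fi
```

Run it with `--run` on the host in question; a non-zero exit code means the JIT is reachable from an unprivileged account, and even a zero exit code only narrows the attacker population until the fixed kernel is installed.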


• All Things Symantec: 
https://malwaremaloney.blogspot.com/p/all-things-symantec.html

   ・ Research on Symantec Endpoint Protection's logs, quarantined files, and submission/reporting engine. – potato


• Attack Surface Reduction: 
https://github.com/commial/experiments/tree/master/windows-defender/ASR

   ・ Details of how Windows attack surface reduction (ASR) rules work under the hood. – potato


• CVE-2021-1386: 
https://zeroperil.com/cisco-amp-and-immunet-local-privilege-escalation-vulnerability-cve-2021-1386/

   ・ CVE-2021-1386: local privilege escalation in Cisco AMP, Immunet, and ClamAV. – potato


• [Pentest, Tools] PowerShell Empire for Pentester: Mimikatz Module: 
https://www.hackingarticles.in/powershell-empire-for-pentester-mimikatz-module/

   ・ Overview of the built-in Mimikatz module of the PowerShell Empire post-exploitation framework. – lanying37


• Adventures From UEFI Land: the Hunt For the S3 Boot Script: 
https://labs.sentinelone.com/adventures-from-uefi-land-the-hunt-for-the-s3-boot-script/

   ・ Extracting the S3 (ACPI suspend-to-RAM sleep state) boot script from UEFI firmware. – potato


• Detecting process injection with ETW: 
https://blog.redbluepurple.io/windows-security-research/kernel-tracing-injection-detection

   ・ Notes on memory-injection detection concepts, with a set of detection cases tested using TiEtwAgent. – potato


• Analyzing dyld_shared_cache with IDA Pro: 
https://paper.seebug.org/1551/

   ・ Analyzing dyld_shared_cache with IDA Pro. – lanying37


• An analysis of a large-scale HTTPS interception | APNIC Blog: 
https://buff.ly/3dKoHfA

   ・ An analysis of large-scale HTTPS interception. – lanying37


• Iran’s APT34 Returns with an Updated Arsenal: 
https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/

   ・ Check Point Research reports evidence of Iran's APT34 (OilRig) attacking targets in Lebanon and identifies a new backdoor variant, SideTwist. – potato


• GitHub - cyberark/kubesploit: Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.: 
https://github.com/cyberark/kubesploit

   ・ kubesploit: a post-exploitation C&C server and agent written in Golang, communicating over HTTP/2 and focused on containerized environments. – potato


* To view or search past digests, visit: 
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab 
https://weibo.com/xuanwulab