Daily Security News Push (11-28)
2023-11-28 10:49:32 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• dotCMS 5.1.5: Exploiting H2 SQL injection to RCE:
https://www.sonarsource.com/blog/dotcms515-sqli-to-rce/

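   ・ dotCMS 5.1.5 has a SQL injection vulnerability that an attacker can trigger through a JSP file, using publisher permissions to create an unpushed bundle and inject arbitrary SQL commands, and even achieve remote code execution. – SecTodayBot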

• r-tec Blog | Process Injection - Avoiding Kernel Triggered Memory Scans.:
https://www.r-tec.net/r-tec-blog-process-injection-avoiding-kernel-triggered-memory-scans.html

   ・ Introduces the common uses and methods of process injection, and discusses how to avoid detection by using Kernel Callbacks and ETWti. – SecTodayBot

• WailingCrab Malware Evolves: Embracing MQTT for Stealthier C2 Communication:
https://securityonline.info/wailingcrab-malware-evolves-embracing-mqtt-for-stealthier-c2-communication/

   ・ WailingCrab malware evolves: it adopts MQTT for stealthier C2 communication, by using the lightweight messaging protocol MQTT, abandoning Discord, and other means – SecTodayBot

• Details Released for Microsoft Excel RCE (CVE-2023-36041) Vulnerability:
https://securityonline.info/details-released-for-microsoft-excel-rce-cve-2023-36041-vulnerability/

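   ・ The Cisco Talos intelligence group recently disclosed an RCE vulnerability in Microsoft Excel, located in the handling of the ElementType attribute in Microsoft Office Professional Plus 2019 Excel. An attacker can exploit this vulnerability to execute arbitrary code, but must trick a user into opening a specially crafted Excel spreadsheet. – SecTodayBot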

• Deepsecrets - Secrets Scanner That Understands Code:
http://dlvr.it/Sz9NPf

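   ・ DeepSecrets is a secrets scanner that understands code. It uses semantic analysis, dangerous-variable detection, entropy analysis and other methods, supports more than 500 languages and formats, and can use hashes of known secrets to find their plaintext in code. – SecTodayBot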

• HrServ – Previously unknown web shell used in APT attack:
https://securelist.com/hrserv-apt-web-shell/111119/

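   ・ An investigation uncovered a DLL file named hrserv.dll, a previously unknown web shell with sophisticated features such as a custom encoding method for client communication and in-memory execution. Analysis of the sample led to the discovery of related variants compiled in 2021, indicating a potential correlation between these malicious activities. – SecTodayBot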

• A Touch of Pwn - Part I:
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/

   ・ The research revealed multiple vulnerabilities and successfully bypassed Windows Hello fingerprint authentication on three laptops. – SecTodayBot

• Public Release of PoC Exploit for Critical Windows Defender Bypass:
https://vulnera.com/newswire/public-release-of-poc-exploit-for-critical-windows-defender-bypass/

   ・ A PoC exploit has now been publicly released for a critical zero-day vulnerability bypassing Windows SmartScreen technology. – SecTodayBot

• nysm: A stealth post-exploitation container:
https://securityonline.info/nysm-a-stealth-post-exploitation-container/

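   ・ A stealth post-exploitation container that hides eBPF programs, maps, links, Auditd logs, PIDs, sockets and more, so that offensive tools can run while under the system administrator's monitoring. – SecTodayBot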

• Awesome Azure Penetration Testing:
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest

   ・ An excellent list of tools and resources for Azure penetration testing. – SecTodayBot

* To view or search previously pushed content, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959438&idx=1&sn=1c0bcba6002ac4dc232bee9db9b33e1e&chksm=8baed011bcd9590765b49bf9589e749bf0fc8914535980a69af290c8d375d586eabdac0284ef&scene=58&subscene=0#rd