Tencent Security Xuanwu Lab Daily News

• Microsoft Defender Anti-Malware PowerShell API - Arbitrary Code Execution:
https://seclists.org/fulldisclosure/2023/Dec/0

   ・ Microsoft Defender Anti-Malware PowerShell API中的任意代码执行漏洞，提供了详细的分析和漏洞利用的POC链接 – SecTodayBot

• SSD Advisory – Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation:
https://ssd-disclosure.com/ssd-advisory-windows-kernel-pool-clfs-sys-corruption-privilege-escalation/

   ・ 披露了Windows系统中clfs.sys驱动程序的新漏洞 – SecTodayBot

• Intercepting MFA. Phishing and Adversary in The Middle attacks:
https://www.pentestpartners.com/security-blog/intercepting-mfa-phishing-and-attackers-in-the-middle/

   ・ 介绍了Adversary in The Middle (AiTM)攻击的方法和调查过程，以及如何增加安全措施以防范此类攻击。 – SecTodayBot

• CSV Injection in Azure Logs by Dmitriy Beryoza:
https://www.vectra.ai/blog/csv-injection-in-azure-logs

   ・ 云环境中日志注入和CSV注入的新漏洞信息，对Azure中的漏洞进行了详细分析 – SecTodayBot

• msdocsviewer:
https://hooked-on-mnemonics.blogspot.com/2023/12/msdocsviewer.html

   ・ 介绍了一款新的IDAPython插件，用于在IDA中查看Microsoft SDK文档 – SecTodayBot

• A Little AV/EDR Bypassing Lab for Training & Leaning Purposes:
https://xacone.github.io/BestEdrOfTheMarket.html

   ・ 介绍了一个开源的EDR，旨在了解和绕过检测机制。文章讨论了DLL注入、监控调用堆栈等新方法和工具 – SecTodayBot

• kunai: Threat hunting tool for Linux:
https://securityonline.info/kunai-threat-hunting-tool-for-linux/

   ・ 针对Linux系统的威胁捕获工具，采用eBPF程序来监视相关信息，利用Rust编写 – SecTodayBot

• [KIS-2023-13] ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability:
https://seclists.org/fulldisclosure/2023/Dec/2

   ・ ISPConfig <= 3.2.11存在的PHP代码注入漏洞 – SecTodayBot

• Hardening cellular basebands in Android:
http://security.googleblog.com/2023/12/hardening-cellular-basebands-in-android.html

   ・ 介绍了安卓固件的深度防御策略，重点讨论了基带安全和利用，并提出了使用高价值的消毒剂来缓解基带中发现的特定类漏洞的方法。 – SecTodayBot

• Ghidra Basics - Identifying, Decoding and Fixing Encrypted Strings:
https://embee-research.ghost.io/ghidra-basics-identifying-and-decoding-encrypted-strings/

   ・ 介绍了使用Ghidra和x32dbg识别、解密和修复加密字符串的基础知识，主要讨论了分析恶意软件样本中的加密字符串 – SecTodayBot

• POSTDump: perform minidump of LSASS process using few technics to avoid detection:
https://securityonline.info/postdump-perform-minidump-of-lsass-process-using-few-technics-to-avoid-detection/

   ・ 用于执行LSASS进程的minidump的工具，并使用一些技术来避免被检测。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab