기술 문서 자료 (2021.01 - 2주)

⦿ Breaking The Browser – A tale of IPC, credentials and backdoors - Dylan(@_batsec_)

• 크롬 IPC를 이용한 크리덴셜 훔치기 및 백도어
• https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors/

 

⦿ CRACKING A CHINESE PROXY TUNNEL: REAL WORLD CTF PERSONAL PROXY WRITEUP - hyperreality

• Real World CTF에 출제된 Personal proxy writeup
• https://blog.cryptohack.org/cracking-chinese-proxy-realworldctf

 

⦿ FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts - PHIL STOKES

• 분석 난이도를 높이는 AppleScript를 사용하는 macOS.OSAMiner 마이너 멀웨어 분석 방법
• https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
• OSX.OSAMiner 샘플(password: infect3d)
  • https://t.co/MeMvVj5eMO?amp=1

 

⦿ In-the-Wild Series - Google Project Zero

• In-the-Wild에서 작전에 사용되던 제로데이 취약점들 분석 시리즈
• Maddie Stone, "In-the-Wild Series: Android Post-Exploitation"
  • https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html

• Mark Brand, "In-the-Wild Series: Android Exploits"
  • https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html

• Mateusz Jurczyk and Sergei Glazunov, "In-the-Wild Series: Windows Exploits"
  • https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html

• Sergei Glazunov, "In-the-Wild Series: Chrome Infinity Bug"
  • https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html

• Sergei Glazunov, "In-the-Wild Series: Chrome Exploits"
  • https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html

 

⦿ Making Clouds Rain :: Remote Code Execution in Microsoft Office 365 - ϻг_ϻε(@steventseeley)

• Exchange Online의 원격 코드 실행
• https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html

 

⦿ PHP의 Type Juggling에서 나타나는 취약점(Magic Hashes 취약점)

• https://www.youtube.com/watch?v=_Zr84AeHECA

 

⦿ Real World CTF 발표자료(자막있음)

• A Journey Combining Web Hacking and Binary Exploitation in Real World! - Orange Tsai
  • https://www.youtube.com/watch?v=-dh4QXK3WCw

• Blowing the cover of android binary fuzzing - Flanker
  • https://www.youtube.com/watch?v=y05uja2o6GE
• Discovering Deep-Level Vulnerabilities in Databases - Hangfan Zhang
  • https://www.youtube.com/watch?v=pVijV5RDaBU
• Dive into Kernel Memory Mapping and TOCTTOU Vulnerability - Wang Yu
  • https://www.youtube.com/watch?v=T60NPmRvw70&feature=emb_title
• EVM Opcode JOP - xhyumiracle
  • https://www.youtube.com/watch?v=8VgSYgH8BbA
• Exploiting V8 Interpreter by -1 Index to Descriptor Array - Huanyao Rong
  • https://www.youtube.com/watch?v=rSaIlBWwxsY
• POLYGLOT Speaks Your Language: Generic Language Processor Fuzzing with Semantic Validation - Yupeng Yang
  • https://www.youtube.com/watch?v=gO93IpdcHvs
• Play CTF with SLIPPER - Slipper
  • https://www.youtube.com/watch?v=rm5ulFyD4FY
• Runtime Dynamic Code Execution in Objective-C - CodeColorist
  • https://www.youtube.com/watch?v=9DkygZwnhAM

• Userfaultfd in kernel exploit - BrieflyX
  • https://www.youtube.com/watch?v=6dFmH_JEF4s

 

⦿ Stealing Your Private YouTube Videos, One Frame at a Time - David Schütz

• Google Ads의 Moments 기능을 이용해 private video를 한 프레임씩 유출할 수 있는 취약점 
• https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/

 

⦿ Sysmon13 공개  - MS sysinternal

• Herpaderping 공격 탐지 추가 
• https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
• 자세한 설명: https://medium.com/falconforce/sysmon-13-process-tampering-detection-820366138a6c

 

⦿ The Mac Malware of 2020 - Patrick Wardle

• 2020년 발견된 MacOS 멀웨어 타임라인과 분석
• https://objective-see.com/blog/blog_0x5F.html

 

⦿ THE STORY OF CVE-2021-1648 - k0shl

• splwow64 서비스의 취약점 분석
• https://whereisk0shl.top/post/the_story_of_cve_2021_1648

 

⦿ Understanding and Exploiting Zerologon - Siddharth Balyan & Nandini Rana

• Zerologon 취약점 분석과 익스플로잇
• https://dl.packetstormsecurity.net/papers/general/Understanding_and_Exploiting_Zerologon.pdf