记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

每日攻防资讯简报[Aug.18th]

2020-08-18 16:31


0x00资讯

1.东南亚最大的钢板公司之一了Hoa Sen GroupMaze勒索软件入侵,攻击者发布了大约1.64 GB的泄露数据

https://cybleinc.com/2020/08/17/one-of-the-largest-steel-sheet-companies-in-southeast-asia-got-allegedly-breached-by-maze/

 

2.阿拉伯工业有限责任公司被Maze勒索软件入侵,攻击者发布了大约1.8 GB的泄漏数据

https://cybleinc.com/2020/08/17/maze-ransomware-operators-allegedly-targeted-arabian-industries-llc/

 

3.美国领先的应急响应恢复和重建公司Interstate Restoration被Maze勒索软件入侵,发布大约800 MB的泄露数据

https://cybleinc.com/2020/08/17/interstate-restoration-got-allegedly-breached-by-maze-ransomware-operators/

 

4.微软的Control Flow Guard引入了Rust和LLVM编译器

https://msrc-blog.microsoft.com/2020/08/17/control-flow-guard-for-clang-llvm-and-rust/

0x01漏洞


1.英国零售巨头Monsoon使用具有已知漏洞的Pulse Connect Secure VPN版本,可导致黑客窃取或勒索敏感的内部公司文件、客户数据等

https://vpnpro.com/blog/monsoon-vulnerability/

 

2.WordPress Sell Photo插件的存储型XSS漏洞

https://melbin.in/2020/08/14/stored-xss-vulnerability-in-wordpress-sell-photo-plugin/

 

3.GlueBall: The story of CVE-2020–1464

https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd

 

4.TinyMCE HTML文本编辑器的XSS漏洞

https://labs.bishopfox.com/advisories/tinymce-version-5.2.1

0x02工具

1.NoVmp:适用于VMProtect x64 3.x的静态反虚拟化程序

https://github.com/can1357/NoVmp

 

2.urlbuster:Web目录模糊处理程序,用于查找现有和/或隐藏的文件或目录

https://github.com/cytopia/urlbuster

 

3.vmpattack:VMP to VTIL lifter

https://github.com/0xnobody/vmpattack

 

4.spacesiren:一个AWS的honey token管理和警报系统

https://github.com/spacesiren/spacesiren

 

5.houndsploit:带GUI界面的Exploit-DB搜索引擎

https://github.com/nicolas-carolo/houndsploit

 

6.ysomap:一个基于ysoserial的Java反序列化开发框架

https://github.com/wh1t3p1g/ysomap

 

7.Noctilucent:使用TLS 1.3逃避审查,绕过网络防御,并融入噪音

https://github.com/SixGenInc/Noctilucent

https://youtu.be/TDg092qe50g

 

8.msticpy:微软的威胁情报安全工具

https://github.com/microsoft/msticpy

https://github.com/microsoft/msticnb

https://medium.com/@msticmed/announcing-mstic-notebooklets-d32479bd07f

0x03技术


1.使用POPAD小工具解决高度混淆的二进制文件

https://www.rakach.com/post/solving-highly-obfuscated-binary-using-popad-gadgets

 

2.PE实施中的错误导致二进制Ninja和radare2中的部分映射不正确

https://www.rakach.com/post/sloppy-implementation-of-pe-leads-to-incorrect-section-mapping-in-binary-ninja-and-radare2

 

3.使用白盒分析发现有趣的Java反序列化漏洞,Part1:JMS

https://blog.silentsignal.eu/2020/08/17/unexpected-deserialization-pt-1-jms/

 

4.Lin.Security: 1 Vulnhub Machine Walkthrough

https://melbin.in/2020/08/17/lin-security-1-vulnhub-machine-walkthrough/

 

5.自动从Github收集的PoC

https://github.com/nomi-sec/PoC-in-GitHub

 

6.Android渗透测试实验室搭建与实战

https://medium.com/bugbountywriteup/android-pentesting-lab-4a6fe1a1d2e0

 

7.以一种不寻常的方式泄漏AWS元数据

https://medium.com/bugbountywriteup/leaking-aws-metadata-f5bc8de03284

 

8.WebAssembly二进制文件中可利用的漏洞的程度以及与本机代码的比较

https://www.usenix.org/system/files/sec20-lehmann.pdf

 

9.FireWalker:一种绕过用户空间EDR Hooking的普遍新方法

https://www.mdsec.co.uk/2020/08/firewalker-a-new-approach-to-generically-bypass-user-space-edr-hooking/

https://github.com/mdsecactivebreach/firewalker

 

10.使用Echidna测试智能合约库

https://blog.trailofbits.com/2020/08/17/using-echidna-to-test-a-smart-contract-library/

 

11.从Azure到本地AD的横向移动

https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d

 

12.Bug Bounty Tips #5

https://www.infosecmatter.com/bug-bounty-tips-5-aug-17/

 

13.在11个月内对多达66,606次的蜜罐进行的未经请求的呼叫的首次大规模,纵向分析

https://www.usenix.org/system/files/sec20-prasad.pdf

 

14.关于测量和可视化Fuzzer性能

https://hexgolems.com/2020/08/on-measuring-and-visualizing-fuzzer-performance/

 

15.CobaltStrike资源收集

https://github.com/zer0yu/Awesome-CobaltStrike

 

16.2020年年中数据泄露快速查看报告

https://pages.riskbasedsecurity.com/en/2020-mid-year-data-breach-quickview-report

 

17.如何通过Pass-the-PRT的攻击向云进行横向移动

https://blog.stealthbits.com/lateral-movement-to-the-cloud-pass-the-prt

天融信阿尔法实验室成立于2011年,一直以来,阿尔法实验室秉承“攻防一体”的理念,汇聚众多专业技术研究人员,从事攻防技术研究,在安全领域前瞻性技术研究方向上不断前行。作为天融信的安全产品和服务支撑团队,阿尔法实验室精湛的专业技术水平、丰富的排异经验,为天融信产品的研发和升级、承担国家重大安全项目和客户服务提供强有力的技术支撑。




天融信

阿尔法实验室

长按二维码关注我们




知识来源: https://mp.weixin.qq.com/s?__biz=Mzg3MDAzMDQxNw==&mid=2247489322&idx=2&sn=3334009a59f3d3681aac740f885355b4&chksm=ce955a14f9e2d302980430b424b119ce2bdc15a8718658d36edcb8e20842d64e0ad9c9dd415c&scene=126&

阅读:21688 | 评论:0 | 标签:攻防

想收藏或者和大家分享这篇好文章→复制链接地址

“每日攻防资讯简报[Aug.18th]”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

ADS

标签云