1. Telmate, a company that runs a communications service between inmates and the outside world, exposed a database of its data, including inmates' private messages, call records, account balances, and personal information about senders and recipients
https://www.comparitech.com/blog/information-security/prison-phone-service-exposes-millions-inmate-records/
2. Microsoft will finally end support for Adobe Flash by January 2021
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-finally-kill-adobe-flash-support-by-january-2021/
1. Privilege escalation in the Shell Create Object Task Server
https://docs.google.com/document/d/e/2PACX-1vTP5OvJToWToMOKyeMyPcIPJhqbnESgWY6dYje9seJY96-ezCEJbXsMkfMWhoqPRaCNRs6BOO7urQyF/pub
2. Ubuntu PPP's CVE-2020-15704 wrap-up
https://www.synacktiv.com/publications/ubuntu-ppps-cve-2020-15704-wrap-up
1. Full analysis report on Cerberus, an Android banking trojan
https://www.buguroo.com/en/labs/full-report-on-cerberus-an-android-banking-trojan
2. A message-quarantine phishing campaign found in environments protected by secure email gateways (SEGs)
https://cofense.com/message-quarantine-campaign-overlying-potential/
3. A deep dive into the Evilnum group's latest activity, exploring its new infection chain and tooling (the PyVil RAT)
https://www.cybereason.com/blog/no-rest-for-the-wicked-evilnum-unleashes-pyvil-rat
4. BitRAT analysis, part 2: hidden browser, SOCKS5 proxy, and UnknownProducts unmasked
https://krabsonsecurity.com/2020/09/04/bitrat-pt-2-hidden-browser-socks5-proxy-and-unknownproducts-unmasked/
5. Visa has issued an alert about a new JavaScript credit-card skimmer, dubbed Baka, which implements new features to evade detection
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf
1. PCILeech: a direct memory access (DMA) attack tool that uses PCIe hardware devices to read and write the target system's memory
https://github.com/ufrisk/PCILeech
2. SharpScribbles: a C# tool for extracting data from the Windows Sticky Notes database and retrieving data (contacts, emails, history, cookies and credentials) from Thunderbird and Firefox
https://github.com/V1V1/SharpScribbles
3. GRAT2: a C&C tool written in Python 3 and .NET 4.0 for post-exploitation
https://github.com/r3nhat/GRAT2
4. yacd: decrypts FairPlay-protected apps on iOS 13.4.1 and below without requiring a jailbreak
https://github.com/DerekSelander/yacd
5. hardcodes: finds hardcoded strings in source code
https://github.com/s0md3v/hardcodes
6. h4rpy: an automated WPA/WPA2 PSK attack tool, implemented as a wrapper around the aircrack-ng framework
https://github.com/MS-WEB-BN/h4rpy
7. wordlist_generator: generates unique wordlists using the techniques described in tomnomnom's talk "Who, What, Where, When"
https://github.com/SomeKirill/wordlist_generator
8. CFGgrind: builds control-flow graphs (CFGs) dynamically using Valgrind
https://github.com/rimsa/CFGgrind
9. nvd-scrapper: pulls data from the National Vulnerability Database and pushes it to a GCP bucket
https://github.com/clglavan/nvd-scrapper
10. TREVORspray: a feature-rich Python O365 password sprayer based on MSOLSpray, using the Microsoft Graph API
https://github.com/blacklanternsecurity/TREVORspray
11. unimap: scan only once per IP address and reduce Nmap scan times for large amounts of data
https://github.com/Edu4rdSHL/unimap
1. Analyzing real-mode binaries with the Qiling binary emulation framework
https://blog.lazym.io/2020/09/05/Dive-deeper-Analyze-real-mode-binaries-like-a-Pro-with-Qiling-Framework/
2. Hunting for changes to local administrator group membership with Microsoft Defender Advanced Threat Protection
https://www.verboon.info/2020/09/hunting-for-local-group-membership-changes/
3. Documenting the ProtonDrive security model: how end-to-end encryption protects your sensitive data
https://protonmail.com/blog/protondrive-security/
4. Bypassing SQL injection filters to perform blind SQL injection
http://www.mannulinux.org/2020/09/sql-injection-filter-bypass-to-perform.html
5. Hunting for goddi, an Active Directory domain information dumping tool, and uncovering MITRE ATT&CK Discovery tactics and techniques
https://awakesecurity.com/blog/hunting-for-goddi-uncovering-mitre-attck-discovery-tactics-techniques/
6. Fuzzing a simple C program with WinAFL
https://www.youtube.com/watch?v=Va_Wtxf3DMc
7. Semi-automatic code deobfuscation (r2con2020 workshop)
https://www.youtube.com/watch?v=_TsV0RXoIQE
8. Time-travel testing for Android apps
https://mboehme.github.io/paper/ICSE20.TTT.pdf
9. Custom DLL injection implemented with Cobalt Strike Beacon Object Files
https://x64sec.sh/custom-dll-injection-with-cobalt-strike/
10. IDOR: attack vectors, exploitation, bypasses and chains
https://www.notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b
11. Demonstrating how dangerous unrestricted view name manipulation in the Spring Framework can be
https://github.com/veracode-research/spring-view-manipulation/
12. Pwning Windows event logging with YARA rules
https://blog.dylan.codes/pwning-windows-event-logging/
13. Source code analysis and API key exploitation
https://medium.com/bugbountywriteup/source-code-analysis-and-api-keys-exploitations-1796b3e731eb
14. WSUS (Windows Server Update Services) attacks, part 1: introducing PyWSUS
https://www.gosecure.net/blog/2020/09/03/wsus-attacks-part-1-introducing-pywsus/
https://github.com/GoSecure/pywsus
15. Tracking moving clouds: how to continuously track cloud assets with Cartography
https://www.marcolancini.it/2020/blog-tracking-moving-clouds-with-cartography/
16. Lessons learned from SSH credential honeypots
https://systemoverlord.com/2020/09/04/lessons-learned-from-ssh-credential-honeypots.html
17. Installing honggfuzz and fuzzing a simple C program
https://www.youtube.com/watch?v=6OBXJtEe-d8
18. Defcon 2020 Red Team Village CTF – Seeding, parts 1 & 2
https://www.securifera.com/blog/2020/09/05/defcon-2020-red-team-village-ctf-seeding-part-1-2/
19. A one-click forensics lab in the cloud
https://0xbanana.com/blog/one-click-forensics-lab-in-the-cloud/
20. The 8086 microcode disassembled
https://www.reenigne.org/blog/8086-microcode-disassembled/
21. Performing brute-force attacks and bypassing rate limiting with Firefox
https://www.youtube.com/watch?v=it_V3ig1_4o
22. Remote: HackTheBox writeup, OSCP style
https://medium.com/bugbountywriteup/remote-hackthebox-writeup-oscp-style-1e35ed0f9951
Topsec (天融信) Alpha Lab was founded in 2011. Since then, Alpha Lab has followed the principle of "offense and defense as one", bringing together many professional researchers who work on offensive and defensive security techniques and continually advance forward-looking research in the security field. As the team supporting Topsec's security products and services, Alpha Lab's deep technical expertise and extensive troubleshooting experience provide strong technical backing for the development and upgrading of Topsec products, for major national security projects, and for customer service.