Tencent Security Xuanwu Lab Daily News
• CDRThief Malware Targets VoIP Gear in Carrier Networks:
https://threatpost.com/cdrthief-malware-voip-gear-carrier-networks/159100/
・ The Linux-based CDRThief malware targets VoIP softswitches in carrier networks and steals call metadata (call detail records).
– lanying37
• 360lock Smart Lock Review:
https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/
・ Pen Test Partners' reverse-engineering analysis of the crowdfunded 360LOCK smart lock
– Jett
• [SCADA] Severe Industrial Bugs Allow Takeover of Critical Systems:
https://threatpost.com/severe-industrial-bugs-takeover-critical-systems/159068/
・ Researchers found severe vulnerabilities in third-party industrial components used by leading ICS vendors such as Rockwell Automation and Siemens.
– lanying37
• [Malware] An overview of targeted attacks and APTs on Linux:
https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/
・ Kaspersky publishes an overview of the threat groups (including APTs) conducting targeted attacks against the Linux platform
– Schwarrzz
• Bypass AMSI by manual modification part II - Invoke-Mimikatz | S3cur3Th1sSh1t:
https://s3cur3th1ssh1t.github.io/Bypass-AMSI-by-manual-modification-part-II/
・ Bypassing AMSI triggers by manual modification, part II: Invoke-Mimikatz.
– lanying37
• Microsoft Hyper-V Type Confusion leading to Arbitrary Memory Dereference | Bluefrostsecurity:
https://labs.bluefrostsecurity.de/advisories/bfs-sa-2020-003/
・ Analysis of a type confusion vulnerability in Hyper-V (hvix64) leading to an arbitrary address dereference (CVE-2020-0904)
– Jett
• [iOS] Introduction to iBoot:
https://h3adsh0tzz.com/inside-xnu/iboot/intro
・ Analysis of the iOS iBoot boot process
– Jett
• [IoT] Examining the August Smart Lock:
http://blog.quarkslab.com/examining-the-august-smart-lock.html
・ Quarkslab's attack-surface assessment of the August smart lock
– Jett
• BlindSide:
https://www.vusec.net/projects/blindside
・ BlindSide: VUSec research on using Spectre-style speculative execution as a side channel to perform BROP (Blind ROP) in the kernel starting from a single kernel overflow vulnerability, without relying on a separate information-leak bug
– Jett
• Performing SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020:
https://www.thezdi.com/blog/2020/9/9/performing-sql-backflips-to-achieve-code-execution-on-schneider-electrics-ecostruxure-operator-terminal-expert-at-pwn2own-miami-2020
・ ZDI's analysis of the code execution vulnerability in Schneider Electric's EcoStruxure Operator Terminal Expert ICS software used at the Pwn2Own Miami 2020 competition
– Jett
• Security Notice:
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
・ The Bluetooth SIG publishes a security notice on BLURtooth, a vulnerability in Cross-Transport Key Derivation between Bluetooth Classic (BR/EDR) and Bluetooth Low Energy.
– lanying37
• SRC-2020-0019 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability:
https://srcincite.io/advisories/src-2020-0019/
・ Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE vulnerability; the bug can only be triggered after authentication
– Jett
• [Tools] [PDF] From a C project through assembly to shellcode (hasherezade):
https://vxug.fakedoma.in/papers/VXUG/Exclusive/FromaCprojectthroughassemblytoshellcodeHasherezade.pdf
・ vx-underground released a paper on how to compile a C project into position-independent shellcode
– Jett
• F5 BIG-IP Remote Code Execution Exploit - CVE-2020-5902:
https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/
・ From analysing the F5 BIG-IP TMUI CVE-2020-5902 advisory to writing an RCE exploit
– Jett
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab