每日攻防资讯简报[Oct.9th]

  • A+
所属分类:安全新闻

每日攻防资讯简报[Oct.9th]

0x00资讯

1.开发者成功编译了泄露的Windows XP源码

每日攻防资讯简报[Oct.9th]

https://securityaffairs.co/wordpress/108966/security/windows-xp-server-2003-compiled.html

 

2.阿联酋国际航空公司由于服务器配置错误数据泄漏,泄露数据在暗网传播,包括14个文件2夹和53,555个文件,类别包括:护照扫描、机票预订、酒店预订、员工与客户之间的电子邮件通信、国际旅行保险单等

每日攻防资讯简报[Oct.9th]

https://www.defcon-lab.org/vazamento-de-dados-ira-e-emirados-arabes-kelvinsecteam/

 

3.亚洲流行的食品配送平台Chowbus被黑客入侵,攻击者声称窃取了包含客户数据的公司的整个数据库,包括4300条饭店记录和80万条客户记录,当前公开的数据包括客户名称、电子邮件地址、电话号码、Chowbus合作餐厅的地址(城市,州,邮政编码)、价格和地址

每日攻防资讯简报[Oct.9th]

Chowbus is Hacked & Leaks 800,000+ entries of Personal Data from UIUC

 

4.澳大利亚新闻共享平台Snewpit存储在AWS服务器上的数据可被公开访问,存储桶包含将近80,000条用户记录,包括用户名、全名、电子邮件地址和个人资料图片

每日攻防资讯简报[Oct.9th]

https://cybernews.com/security/australian-social-news-platform-leaks-80000-user-records/

0x01漏洞

1.D-Link在处理HNAP协议时的2个身份认证绕过漏洞(CVE-2020-8863、CVE-2020-8864)

https://www.zerodayinitiative.com/blog/2020/9/30/the-anatomy-of-a-bug-door-dissecting-two-d-link-router-authentication-bypasses

 

2.KensingtonWorks中的另一个RCE漏洞

https://robertheaton.com/another-rce-in-kensingtonworks/

 

3.CVE-2020-15702(批处理PID时的竞态条件漏洞)的技术说明

https://flattsecurity.hatenablog.com/entry/2020/09/30/130844

 

4.两个流行的工业远程访问系统的严重安全漏洞,可以被利用实现禁止访问工业生产车间、侵入公司网络、篡改数据甚至窃取敏感的商业秘密

https://www.otorio.com/news-events/press-release/otorio-discovers-critical-vulnerabilities-in-leading-industrial-remote-access-software-solutions/

https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03

 

5.惠普设备管理器的3个漏洞,可导致未经身份验证远程执行具有SYSTEM特权的命令(CVE-2020-6925,CVE-2020-6926,CVE-2020-6927)

https://nickbloor.co.uk/2020/10/05/hp-device-manager-cve-2020-6925-cve-2020-6926-cve-2020-6927/

 

6.具有Intel处理器和辅助T2芯片的macOS系统受影响的一个漏洞

https://ironpeak.be/blog/crouching-t2-hidden-danger/

 

7.AV软件最常见的漏洞如何使攻击者提权,研究人员测试的每个主流杀软供应商都可以被利用

https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower

 

8.在测试某Web App时发现的多个漏洞,串联起来可导致账户接管

https://ninetyn1ne.github.io/2020-10-05-open-redir-to-ato/

 

9.HashiCorp Vault中的两个身份验证漏洞

https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html

 

10.A brief encounter with Leostream Connect Broker

https://adepts.of0x.cc/leostream-xss-to-rce/

 

11.Pulse Connect Secure由模板注入导致的RCE漏洞(CVE-2020-8243)

https://research.nccgroup.com/2020/10/06/technical-advisory-pulse-connect-secure-rce-via-template-injection-cve-2020-8243/

 

12.Apache Struts框架中的最近代码执行漏洞CVE-2019-0230

https://www.zerodayinitiative.com/blog/2020/10/7/cve-2019-0230-apache-struts-ognl-remote-code-execution

 

13.WarezTheRemote:将遥控器变成收听设备

https://www.guardicore.com/2020/10/wareztheremote-turning-remotes-into-listening-devices/

 

14.思科Webex Teams客户端的DLL劫持漏洞

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN

 

15.Microsoft Azure中发现的两个漏洞

https://www.intezer.com/blog/kud-i-enter-your-server-new-vulnerabilities-in-microsoft-azure/

0x02恶意代码

1.僵尸网络InterPlanetary Storm的新变种,感染13K Mac、Android设备,采用新的逃避检测策略

https://blog.barracuda.com/2020/10/01/threat-spotlight-new-interplanetary-storm-variant-iot/

 

2.Ttint: 一款通过2个0-day漏洞传播的IoT远控木马

https://blog.netlab.360.com/ttint-an-iot-rat-uses-two-0-days-to-spread/

 

3.MosaicRegressor:研究中发现的将恶意植入物感染到UEFI固件镜像的案例

https://securelist.com/mosaicregressor/98849/

https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/10/05094208/MosaicRegressor_Technical-details.pdf

 

4.揭秘Kraken:滥用Windows错误报告服务的无文件APT攻击

https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/

 

5.PoetRAT:针对阿塞拜疆公共和私营部门的恶意软件

https://blog.talosintelligence.com/2020/10/poetrat-update.html

 

6.HEH:一种新的物联网P2P僵尸网络

https://blog.netlab.360.com/heh-an-iot-p2p-botnet/

 

7.黑客组织Ryuk最近的一次勒索软件攻击行动

https://thedfirreport.com/2020/10/08/ryuks-return/

 

8.一种基于Mirai的新攻击

https://blogs.juniper.net/en-us/security/priority-threat-actors-adopt-mirai-source-code

0x03工具

1.holehe:检查邮件是否在不同的网站(例如twitter,instagram)上使用,并使用忘记密码功能检索有关网站的信息

https://github.com/megadose/holehe

 

2.gitlab-watchman:使用GitLab API对GitLab内部暴露的敏感数据和凭证进行审计

https://github.com/PaperMtn/gitlab-watchman

 

3.TinyAFL:基于AFL和TinyInst,可以对MacOS用户模式应用程序(无需源码)进行模糊测试

https://github.com/linhlhq/TinyAFL/tree/TinyAFL-MacOS

 

4.HexraysToolbox:IDA Hexrays插件,从反编译后的代码(AST)中查找代码模式

https://github.com/patois/HexraysToolbox

 

5.webshell-analyzer:WebShell扫描和分析工具

https://github.com/tstillz/webshell-analyzer

 

6.lockphish:针对锁定屏幕的网络钓鱼攻击,旨在通过https链接获取Windows凭据、Android PIN和iPhone密码

https://github.com/jaykali/lockphish

https://www.kalilinux.in/2020/05/lockphish.html

 

7.Legion:基于覆盖率的软件测试工具

https://github.com/Alan32Liu/Legion

 

8.trident:自动化密码喷洒工具

https://github.com/praetorian-inc/trident

 

9.ad-honeypot-autodeploy:完全自动为RDP 蜜罐部署一个小型的、带漏洞的、易受攻击的Windows域

https://github.com/tothi/ad-honeypot-autodeploy

 

10.SFPolDevChk:Salesforce策略偏差检查器

https://github.com/nccgroup/SFPolDevChk

 

11.ghunt:OSINT工具,可提取某人的Google帐户电子邮件的许多信息

https://github.com/mxrch/ghunt

 

12.nuubi:信息收集工具

https://github.com/pikpikcu/nuubi

 

13.o365enum:使用ActiveSync、Autodiscover v1或office.com登录页面枚举Office 365中的有效用户名

https://github.com/gremwell/o365enum

 

14.uriDeep:基于机器学习的Unicode编码攻击

https://github.com/mindcrypt/uriDeep

 

15.asnap:通过提供有关哪些公司拥有哪个ipv4或ipv6地址的更新数据,并使用户可以自动执行初始端口和服务扫描,从而使侦察阶段变得更加容易

https://github.com/paradoxxer/asnap

 

16.jwt-heartbreaker:使用来自公开源的密钥,检查JWT

https://github.com/wallarm/jwt-heartbreaker

https://lab.wallarm.com/meet-jwt-heartbreaker-a-burp-extension-that-finds-thousands-weak-secrets-automatically/

 

17.pastego:使用GO和语法表达(PEG)抓取/解析Pastebin内容

https://github.com/notdodo/pastego

 

18.voyager:针对Win 10 x64的Hyper-V Hacking框架(AMD和Intel)

https://githacks.org/xerox/voyager

 

19.capa-explorer:Cutter插件,在Cutter中查看capa的分析结果

https://github.com/ninewayhandshake/capa-explorer

 

20.httpx:快速且多功能的HTTP工具包,允许使用retryablehttp库运行多个探测器,旨在通过增加线程来保持结果的可靠性

https://github.com/projectdiscovery/httpx

 

21.powerglot:使用多义4字编码进攻性的Powershell脚本

https://github.com/mindcrypt/powerglot

 

22.GoldenNuggets-1:Burp插件,用于轻易的创建Wordlist

https://github.com/GainSec/GoldenNuggets-1

 

23.sploit:用于二进制分析和开发的Go软件包

https://github.com/zznop/sploit

 

24.RPR-Run-Pause-Resume:用于BurpSuite/Turbo-Intruder,在指定数量的测试请求后设置暂停时间,以避免目标站点阻止攻击

https://github.com/abiwaddell/RPR-Run-Pause-Resume

 

25.feroxbuster:用Rust编写的一种快速、简单、递归的内容发现工具

https://github.com/epi052/feroxbuster

 

26.aemscan:Adobe Experience Manager漏洞扫描程序

https://github.com/Raz0r/aemscan

 

27.go-cve-dictionary:在本地创建CVE (NVD和日本JVN)副本,服务器模式可简化查询

https://github.com/kotakanbe/go-cve-dictionary

 

28.AdvPhishing:高级网络钓鱼工具

https://github.com/Ignitetch/AdvPhishing

 

29.ReversePowerShell:可用于通过PowerShell获取反向Shell的函数

https://github.com/tobor88/ReversePowerShell

 

30.serenity:Serenity操作系统,类Unix的图形操作系统,针对x86

https://github.com/SerenityOS/serenity

 

31.Raccine:一个简易的勒索软件

https://github.com/Neo23x0/Raccine

 

32.OFFPORT_KILLER:自动识别指定端口后运行的潜在服务,当nmap或任何扫描工具不可用时,以及在您进行了手动端口扫描然后想要确定正在运行的服务的情况下,该工具非常有用

https://github.com/TH3xACE/OFFPORT_KILLER

 

33.2020年IDA插件大赛结果

https://www.hex-rays.com/contests_details/contest2020/

 

34.bip:IDAPython API的高级抽象,简化使用Python与IDA交互过程

https://github.com/synacktiv/bip

https://synacktiv.github.io/bip/build/html/index.html#

 

35.fingermatch:IDA插件,从已分析的二进制文件中收集函数、数据、类型和注释,并在另一个二进制文件中对它们进行模糊匹配

https://github.com/jendabenda/fingermatch

 

36.ida_medigate:IDA插件,辅助C++逆向,尤其是虚表调度

https://github.com/medigate-io/ida_medigate

 

37.Renamer:IDA插件,基于函数内使用的字符串,为函数提供合适的名称

https://github.com/ClarotyICS/ResearchTools/tree/master/IDA/Renamer

 

38.Burp Hashcat Maskprocessor Extension

https://github.com/quahac/burp-intruder-hashcat-maskprocessor

 

39.TheCl0n3r:用于下载和管理Git仓库

https://github.com/an00byss/TheCl0n3r

 

40.kube-score:对Kubernetes对象定义执行静态代码分析

https://github.com/zegl/kube-score

 

41.vPrioritizer:了解整个组织中资产-漏洞关系级别上的背景风险(vPRisk),以便团队就他们应该补救(或承受不了)什么(漏洞/关系)以及在哪个(资产)上做出更明智的决定

https://github.com/varchashva/vPrioritizer

 

42.CSRFER:基于vulnerable requests生成CSRF Payload

https://github.com/luisfontes19/CSRFER


0x04技术

1.使用动态二进制插桩技术(QBDI)解决原生代码混淆

https://www.romainthomas.fr/publication/20-bh-asia-dbi/

 

2.硬件Hacking实验:从嵌入式设备中提取固件

https://github.com/koutto/hardware-hacking/blob/master/Hardware-Hacking-Experiments-Jeremy-Brun-Nouvion-2020.pdf

 

3.我如何自动化麦当劳FriesHit游戏以赢得免费iPhone

https://ferib.dev/blog.php?l=post/How_I_automated_McDonalds_mobile_game_to_win_free_iphones

 

4.使用复制和粘贴功能入侵Grindr帐户

https://www.troyhunt.com/hacking-grindr-accounts-with-copy-and-paste/

 

5.漏洞利用图谱:通过查找作者的指纹来寻找漏洞利用

https://research.checkpoint.com/2020/graphology-of-an-exploit-volodya/

 

6.如何枚举和使用IAM权限以使自己受益:现实世界实例

https://medium.com/bugbountywriteup/exploiting-aws-iam-permissions-for-total-cloud-compromise-a-real-world-example-part-2-2-f27e4b57454e

 

7.利用某些移动设备管理(MDM)服务器中的HTTP Request Smuggling,并将任何MDM命令发送到在其上注册的任何设备

https://medium.com/@ricardoiramar/the-powerful-http-request-smuggling-af208fafa142

 

8.Attacks on GCM with Repeated Nonces

https://www.elttam.com/blog/key-recovery-attacks-on-gcm/

 

9.强制Firefox在302重定向期间执行XSS有效负载

https://www.gremwell.com/firefox-xss-302

 

10.Hack the Box — Blackfield

https://medium.com/bugbountywriteup/hack-the-box-blackfield-35b64183a696

 

11.Relevant: 1 Vulnhub Walkthrough

https://www.hackingarticles.in/relevant-1-vulnhub-walkthrough/

 

12.HA: Narak: Vulnhub Walkthrough

https://www.hackingarticles.in/ha-narak-vulnhub-walkthrough/

 

13.Panabee: 1: Vulnhub Walkthrough

https://www.hackingarticles.in/panabee-1-vulnhub-walkthrough/

 

14.不安全的代码管理/版本控制历史记录

https://medium.com/@gupta.bless/exploiting-insecure-code-management-23fcd00eba60

 

15.HTTP Host header attacks

https://portswigger.net/web-security/host-header

 

16.NVIDIA系统管理界面(nvidia-smi)程序DLL劫持

https://www.pentestpartners.com/security-blog/dll-hijacking-in-nvidia-smi/

 

17.将Firefox用于渗透测试:隐私和保护附件

https://www.hackingarticles.in/firefox-for-pentester-privacy-and-protection-add-ons/

 

18.在拥有20000+用户的网站中利用LFI实现RCE

https://medium.com/bugbountywriteup/leveraging-lfi-to-rce-in-a-website-with-20000-users-129050f9982b

 

19.Vuls:无客户端的漏洞扫描器

https://www.hackingarticles.in/vuls-an-agentless-vulnerability-scanner/

 

20.攻击基于智能卡的Active Directory网络

https://ethicalchaos.dev/2020/10/04/attacking-smart-card-based-active-directory-networks/

 

21.使用Windows API Un-Hooking来绕过BitDefender总体安全性,从而执行进程注入

https://shells.systems/defeat-bitdefender-total-security-using-windows-api-unhooking-to-perform-process-injection/

 

22.智能合约Hacking,第7章:委托调用攻击向量

http://console-cowboys.blogspot.com/2020/10/smart-contract-hacking-chapter-7.html

 

23.使用DLL代理实现驻留

https://www.ired.team/offensive-security/persistence/dll-proxying-for-persistence

 

24.如何在浏览器中存储会话Token

https://blog.ropnop.com/storing-tokens-in-browser/

 

25.(书籍)恶意软件分析和检测工程:一种检测和分析现代恶意软件的综合方法

https://github.com/Apress/malware-analysis-detection-engineering

 

26.逆向3D电影制作工具,Part1:使用Ghidra脚本恢复C++类继承结构

https://benstoneonline.com/posts/reverse-engineering-3d-movie-maker-part-one/

 

27.2020年家用路由器安全报告

https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf

 

28.对思科RV110W固件更新程序进行补丁比较

https://quentinkaiser.be/exploitdev/2020/10/01/patch-diffing-cisco-rv110/

 

29.Mitre ATT&CK技术,Part1:劫持执行流程

https://blog.nviso.eu/2020/10/06/mitre-attack-turned-purple-part-1-hijack-execution-flow/

 

30.关于白盒加密的安全性研究

https://tel.archives-ouvertes.fr/tel-02953586/document

 

31.CET Updates – CET on Xanax

https://windows-internals.com/cet-updates-cet-on-xanax/

 

32.仔细研究PlayStation 4硬件,以及多年来如何利用不同的漏洞来破坏游戏机的安全性

 

33. .NET灰盒方法:源代码审查和动态分析

https://voidsec.com/net-grey-box-approach-source-code-review/

 

34.OAuth 2.0安全性最佳最新实践

https://www.ietf.org/id/draft-ietf-oauth-security-topics-16.html

 

35.使用mutation XSS再次绕过DOMPurify

https://portswigger.net/research/bypassing-dompurify-again-with-mutation-xss

 

36.逆向电缆调制解调器,并将其转换为SDR(软件定义无线电)

https://stdw.github.io/cm-sdr/

 

37.使用Ghidra逆向Go二进制文件

https://cujo.com/reverse-engineering-go-binaries-with-ghidra/

 

38.Muney:无泄漏堆漏洞利用技术

https://maxwelldulin.com/BlogPost?post=6967456768

 

39.Hack the Box (HTB) machines walkthrough series — Cascade (part 2)

https://resources.infosecinstitute.com/hack-the-box-htb-walkthrough-cascade-part-2/

 

40.Hack The Box Walkthrough — Magic

https://medium.com/bugbountywriteup/hack-the-box-walkthrough-magic-d633fb94bca4

 

41.Metasploit后渗透模块参考

https://www.infosecmatter.com/post-exploitation-metasploit-modules-reference/

 

42.在Windows Shell链接解析器中查找漏洞

https://hitcon.org/2020/slides/From%20LNK%20to%20RCE%20Finding%20bugs%20in%20Windows%20Shell%20Link%20Parser.pdf

天融信阿尔法实验室成立于2011年,一直以来,阿尔法实验室秉承“攻防一体”的理念,汇聚众多专业技术研究人员,从事攻防技术研究,在安全领域前瞻性技术研究方向上不断前行。作为天融信的安全产品和服务支撑团队,阿尔法实验室精湛的专业技术水平、丰富的排异经验,为天融信产品的研发和升级、承担国家重大安全项目和客户服务提供强有力的技术支撑。



每日攻防资讯简报[Oct.9th]

每日攻防资讯简报[Oct.9th]

天融信

阿尔法实验室

长按二维码关注我们



本文始发于微信公众号(天融信阿尔法实验室):每日攻防资讯简报[Oct.9th]

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: