Daily Security News Push (04-21)

Category: Security News
Tencent Security Xuanwu Lab Daily News

• Breaking ABUS Secvest internet-connected alarm systems (CVE-2020-28973): 
https://eye.security/en/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973

   ・ CVE-2020-28973: an unauthenticated-access vulnerability in the ABUS Secvest wireless alarm system. – potato


• [Tools] itm4n/Perfusion: 
https://github.com/itm4n/Perfusion/blob/master/RegistryPatch.ps1

   ・ Perfusion: a local privilege escalation tool for Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012. – potato


• [Tools] Decoding Cobalt Strike Traffic: 
https://isc.sans.edu/diary/rss/27322

   ・ Analysis of decrypting Cobalt Strike attack traffic. – lanying37


• NAT principles and UDP traversal: 
https://paper.seebug.org/1561/

   ・ NAT principles and an implementation of UDP traversal. – lanying37


• CVE-2020-9900 & CVE-2021-1786 - Abusing macOS Crash Reporter: 
https://theevilbit.github.io/posts/macos_crashreporter/

   ・ Discusses the symlink-attack vulnerabilities CVE-2020-9900 (local privilege escalation) and CVE-2021-1786 (arbitrary file deletion). – potato


• Hacking 3,000,000 apps at once through CocoaPods: 
https://justi.cz/security/2021/04/20/cocoapods-rce.html

   ・ A remote command execution vulnerability exists in CocoaPods Trunk. – potato


• [Windows] Uncovering and Disclosing a Signature Spoofing Vulnerability in Windows Installer: CVE-2021-26413: 
https://sec.okta.com/articles/2021/04/uncovering-and-disclosing-signature-spoofing-vulnerability-windows

   ・ CVE-2021-26413: a Windows Installer signature spoofing vulnerability. – potato


• Intezer - HabitsRAT Used to Target Linux and Windows Servers: 
https://www.intezer.com/blog/malware-analysis/habitsrat-used-to-target-linux-and-windows-servers/

   ・ HabitsRAT: a backdoor for Windows Server and Linux, developed in Go. – potato


• [Tools] Tenet: A Trace Explorer for Reverse Engineers: 
https://blog.ret2.io/2021/04/20/tenet-trace-explorer/

   ・ Tenet: an IDA Pro plugin for clearly displaying and exploring the execution state of the program under analysis. – potato


• Analysis of Chromium issue 1196683, 1195777: 
https://iamelli0t.github.io/2021/04/20/Chromium-Issue-1196683-1195777.html

   ・ Analyzes Chromium issues 1196683 and 1195777, two issues concerning fixes for vulnerabilities in the V8 engine. – potato


• Thread and Process State Change: 
https://windows-internals.com/thread-and-process-state-change/

   ・ Bypassing EDR hooks by suspending and resuming processes and threads through undocumented APIs. – potato


• Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day: 
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

   ・ Research finds that APT attackers used a 0-day to bypass Pulse Secure VPN authentication. – potato


• CVE-2021-30481: Source engine remote code execution via game invites: 
https://secret.club/2021/04/20/source-engine-rce-invite.html

   ・ CVE-2021-30481: achieving RCE via Steam invites, using the Steamworks API and the Source Engine. – potato


• tmp.0ut: 
https://tmpout.sh/1/

   ・ A learning reference guide for ELF binaries. – potato


• [PDF] https://arxiv.org/pdf/2003.05503.pdf: 
https://arxiv.org/pdf/2003.05503.pdf

   ・ Bypassing memory safety mechanisms through speculative control flow hijacks – potato


• [Pentest] List of Metasploit Windows Exploits (Detailed Spreadsheet): 
https://www.infosecmatter.com/list-of-metasploit-windows-exploits-detailed-spreadsheet/

   ・ The most complete list of Metasploit Windows exploits. – lanying37


* To view or search past pushes, visit: 
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab 
https://weibo.com/xuanwulab


This article was first published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (04-21)
