![每日攻防资讯简报[Aug.19th]](http://cn-sec.com/wp-content/uploads/2020/08/2-1597932215.jpeg "每日攻防资讯简报[Aug.19th]")
1.DopplePaymer勒索软件入侵了加拿大皇家军事学院(RMC),发布了大约1GB的泄露数据
![每日攻防资讯简报[Aug.19th]](http://cn-sec.com/wp-content/uploads/2020/08/5-1597932217.png "每日攻防资讯简报[Aug.19th]")
https://cybleinc.com/2020/08/18/dopplepaymer-ransomware-operators-allegedly-struck-royal-military-college-of-canada/
2.纽约一家名为Cense的人工智能公司泄露了250万条包含敏感和机密数据的病历,其中包括个人身份信息(PII)和其他敏感信息,例如患者姓名、保险记录、医疗诊断和付款信息
https://securethoughts.com/medical-data-of-auto-accident-victims-exposed-online/
1.对私人项目发现的一个可以窃取数据的XSS漏洞
https://medium.com/bugbountywriteup/stealing-your-data-using-xss-bf7e4a31e6ee
2.开源多平台通信应用Rocket.Chat XSS导致RCE(CVE-2020-15926)
https://blog.redteam.pl/2020/08/rocket-chat-xss-rce-cve-2020-15926.html
3.CVE-2020-10029:GNU LIBC三角函数中的缓冲区溢出
https://blog.forallsecure.com/cve-2020-10029-buffer-overflow-in-gnu-libc-trigonometry-functions
4.发现和利用多人游戏引擎中的漏洞
1.黑客组织TeamTNT使用加密采矿蠕虫攻击AWS,收集AWS凭证并安装Monero加密矿工
https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/
2.Duri活动:广告软件通过HTML Smuggling投递
https://www.menlosecurity.com/blog/new-attack-alert-duri
1.mole:验性质的IDS,用Yara作为匹配引擎,并使用PF_RING进行高速数据包捕获
https://github.com/mole-ids/mole
2.sinter:使用Swift编写的MacOS用户模式应用程序授权系统
https://github.com/trailofbits/sinter
3.redshell:交互式命令提示符,通过proxychains执行命令,并自动将它们记录在Cobalt Strike服务器上
https://github.com/Verizon/redshell
4.centrifuge-toolkit:可视化和实证分析二进制文件中编码的信息
https://github.com/BinaryResearch/centrifuge-toolkit
5.Kali Linux发布2020.3版
https://www.kali.org/news/kali-2020-3-release/
6.OpenRedireX:针对OpenRedirect问题的异步Fuzzer
https://github.com/devanshbatham/OpenRedireX
1.Linux内核运行时防护(LKRG)简介
https://www.openwall.com/presentations/OSTconf2020-LKRG-In-A-Nutshell/
2.Fun with header and forget password, with a twist
https://medium.com/bugbountywriteup/fun-with-header-and-forget-password-with-a-twist-af095b426fb2
3.智能协议Hacking:Solidity for Penetration Testers
http://console-cowboys.blogspot.com/2020/08/smart-contract-hacking-chapter-1.html
4.白盒演示,以及使用QBDI对目标进行检测和分析,以产生执行痕迹
https://blog.quarkslab.com/introduction-to-whiteboxes-and-collision-based-attacks-with-qbdi.html
5.逆向GTA V的特技跳跃系统
https://hackery.site/writing/gta-v-stunt-jumps/
6.汇编语言教程
https://www.techteaching.co.uk/posts/learning-assembly-language-a-helpful-guide-part-1
https://www.techteaching.co.uk/posts/learning-assembly-language-a-helpful-guide-part-2
7.为什么需要扫描UDP端口
https://medium.com/@securityshenaningans/why-you-should-always-scan-udp-ports-part-1-2-d8ee7eb26727
8.Windows事件响应清单
https://www.hackingarticles.in/incident-response-windows-cheatsheet/
天融信阿尔法实验室成立于2011年,一直以来,阿尔法实验室秉承“攻防一体”的理念,汇聚众多专业技术研究人员,从事攻防技术研究,在安全领域前瞻性技术研究方向上不断前行。作为天融信的安全产品和服务支撑团队,阿尔法实验室精湛的专业技术水平、丰富的排异经验,为天融信产品的研发和升级、承担国家重大安全项目和客户服务提供强有力的技术支撑。
![每日攻防资讯简报[Aug.19th]](http://cn-sec.com/wp-content/uploads/2020/08/4-1597932218.png "每日攻防资讯简报[Aug.19th]")
![每日攻防资讯简报[Aug.19th]](http://cn-sec.com/wp-content/uploads/2020/08/3-1597932218.jpeg "每日攻防资讯简报[Aug.19th]")
天融信
阿尔法实验室
长按二维码关注我们
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论