每日攻防资讯简报[Aug.26th]

1.与朝鲜联系的APT组织正在将重点转移到针对加密货币和金融垂直行业

https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf

1.gdb_2_root：GDB脚本，添加在没有符号的情况下调试内核的有用命令

https://github.com/c3r34lk1ll3r/gdb_2_root

2.DVS：DCOM漏洞扫描器，利用DCOM实现横向渗透

https://github.com/ScorpionesLabs/DVS

3.aws-recon：一个多线程的AWS库存收集工具

https://github.com/darkbitio/aws-recon

4.PwnXSS：漏洞(XSS)扫描器利用

https://github.com/pwn0sec/PwnXSS

5.Tweettioc-Splunk-App：Tweettioc Splunk App

https://github.com/fatihsirin/Tweettioc-Splunk-App

1.Intel管理引擎漏洞利用，Part3：USB劫持（INTEL-SA-00086）

https://kakaroto.ca/2020/08/exploiting-intels-management-engine-part-3-usb-hijacking-intel-sa-00086/

2.为编程语言编写测试用例生成器

https://fitzgeraldnick.com/2020/08/24/writing-a-test-case-generator.html

3.使用伪造的VPN检查Android HTTP流量

https://httptoolkit.tech/blog/inspecting-android-http

4.建立SIEM：将ELK，Wazuh HIDS和Elastalert结合起来以获得最佳性能

https://medium.com/bugbountywriteup/building-a-siem-combining-elk-wazuh-hids-and-elastalert-for-optimal-performance-f1706c2b73c6

5.PowerSHell日志记录：混淆和某些新的（ISH）绕过，Part1

https://www.bc-security.org/post/powershell-logging-obfuscation-and-some-newish-bypasses-part-1/

6.绕过Windows Defender Credential Guard

https://teamhydra.blog/2020/08/25/bypassing-credential-guard/

7.TryHackMe: Overpass 2 — Hacked Walkthrough

https://medium.com/bugbountywriteup/tryhackme-overpass-2-hacked-walkthrough-351daeaeca89

8.为什么我们仍然无法和平浏览：网络浏览历史的独特性和可识别性

https://www.usenix.org/system/files/soups2020-bird.pdf

9.A Hands-On Introduction to Mandiant's Approach to OT Red Teaming

https://www.fireeye.com/blog/threat-research/2020/08/hands-on-introduction-to-mandiant-approach-to-ot-red-teaming.html

10.使用打印机协议攻击Windows计算机