报告编号:B6-2020-090101
报告来源:360CERT
报告作者:360CERT
更新日期:2020-09-01
Vulnerability|漏洞
CVE-2019-17026:Firefox JIT漏洞,双星漏洞之一Exp
https://github.com/maxpl0it/CVE-2019-17026-Exploit/
chrome 一个1day的exp,影响版本:<= 83.0.4103.61
https://github.com/r4j0x00/exploits
CVE-2020-8218:Pulse Secure RCE PoC
https://github.com//withdk//pulse-gosecure-rce-poc
Malware|恶意软件
疑似摩诃草组织利用边境争端问题为诱饵针对周边地区的攻击活动分析
https://mp.weixin.qq.com/s/iFM0ZZDrqqWFki3hB5h5_w
QNAP NAS在野漏洞攻击事件
https://blog.netlab.360.com/in-the-wild-qnap-nas-attacks/
对恶意软件Gozi演变的跟踪和分析
https://research.checkpoint.com/2020/gozi-the-malware-with-a-thousand-faces/
Security Research|安全研究
linux Shellcode 注入教程
https://pwn.college/modules/shellcode
物联网安全之MQTT渗透实战
https://www.anquanke.com/post/id/216074
利用Metasploit Loader 64-Bit 生成可以绕过杀毒软件的程序
https://medium.com/securebit/bypassing-av-through-metasploit-loader-64-bit-9abe55e3e0c8
Slack + Zomato,HTTP请求走私导致用户接管
https://www.youtube.com/watch?v=gzM4wWA7RFo&feature=youtu.be
Windows 利用编写相关资源
https://github.com/FULLSHADE/WindowsExploitationResources
使用 CodeQL 分析闭源 Java 程序
https://paper.seebug.org/1324/
Fuzzing Linux kernel (x86) entry code, Part 1 of 3
https://blogs.oracle.com/linux/fuzzing-the-linux-kernel-x86-entry-code%2c-part-1-of-3
一步步用iPhone搭建iOS研究环境
https://www.mac4n6.com/blog/2020/8/23/step-by-step-iphone-setup-for-ios-research-via-bizzybarney
Security Tools|安全工具
Speakeasy:fireeye出品的恶意样本仿真框架
https://www.fireeye.com/blog/threat-research/2020/08/emulation-of-malicious-shellcode-with-speakeasy.html
推荐阅读:
长按下方二维码关注360CERT!谢谢你的关注!
注:360CERT官方网站提供 《360-CERT每日安全简报(2020-09-01)》 完整详情,点击阅读原文
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论