每日攻防资讯简报[Aug.18th]

1.英国零售巨头Monsoon使用具有已知漏洞的Pulse Connect Secure VPN版本，可导致黑客窃取或勒索敏感的内部公司文件、客户数据等

https://vpnpro.com/blog/monsoon-vulnerability/

2.WordPress Sell Photo插件的存储型XSS漏洞

https://melbin.in/2020/08/14/stored-xss-vulnerability-in-wordpress-sell-photo-plugin/

3.GlueBall: The story of CVE-2020–1464

https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd

4.TinyMCE HTML文本编辑器的XSS漏洞

https://labs.bishopfox.com/advisories/tinymce-version-5.2.1

1.NoVmp：适用于VMProtect x64 3.x的静态反虚拟化程序

https://github.com/can1357/NoVmp

2.urlbuster：Web目录模糊处理程序，用于查找现有和/或隐藏的文件或目录

https://github.com/cytopia/urlbuster

3.vmpattack：VMP to VTIL lifter

https://github.com/0xnobody/vmpattack

4.spacesiren：一个AWS的honey token管理和警报系统

https://github.com/spacesiren/spacesiren

5.houndsploit：带GUI界面的Exploit-DB搜索引擎

https://github.com/nicolas-carolo/houndsploit

6.ysomap：一个基于ysoserial的Java反序列化开发框架

https://github.com/wh1t3p1g/ysomap

7.Noctilucent：使用TLS 1.3逃避审查，绕过网络防御，并融入噪音

https://github.com/SixGenInc/Noctilucent

8.msticpy：微软的威胁情报安全工具

https://github.com/microsoft/msticpy

https://github.com/microsoft/msticnb

https://medium.com/@msticmed/announcing-mstic-notebooklets-d32479bd07f

1.使用POPAD小工具解决高度混淆的二进制文件

https://www.rakach.com/post/solving-highly-obfuscated-binary-using-popad-gadgets

2.PE实施中的错误导致二进制Ninja和radare2中的部分映射不正确

https://www.rakach.com/post/sloppy-implementation-of-pe-leads-to-incorrect-section-mapping-in-binary-ninja-and-radare2

3.使用白盒分析发现有趣的Java反序列化漏洞，Part1：JMS

https://blog.silentsignal.eu/2020/08/17/unexpected-deserialization-pt-1-jms/

4.Lin.Security: 1 Vulnhub Machine Walkthrough

https://melbin.in/2020/08/17/lin-security-1-vulnhub-machine-walkthrough/

5.自动从Github收集的PoC

https://github.com/nomi-sec/PoC-in-GitHub

6.Android渗透测试实验室搭建与实战

https://medium.com/bugbountywriteup/android-pentesting-lab-4a6fe1a1d2e0

7.以一种不寻常的方式泄漏AWS元数据

https://medium.com/bugbountywriteup/leaking-aws-metadata-f5bc8de03284

8.WebAssembly二进制文件中可利用的漏洞的程度以及与本机代码的比较

https://www.usenix.org/system/files/sec20-lehmann.pdf

9.FireWalker：一种绕过用户空间EDR Hooking的普遍新方法

https://www.mdsec.co.uk/2020/08/firewalker-a-new-approach-to-generically-bypass-user-space-edr-hooking/

https://github.com/mdsecactivebreach/firewalker

10.使用Echidna测试智能合约库

https://blog.trailofbits.com/2020/08/17/using-echidna-to-test-a-smart-contract-library/

11.从Azure到本地AD的横向移动

https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d

12.Bug Bounty Tips #5

https://www.infosecmatter.com/bug-bounty-tips-5-aug-17/

13.在11个月内对多达66,606次的蜜罐进行的未经请求的呼叫的首次大规模，纵向分析

https://www.usenix.org/system/files/sec20-prasad.pdf

14.关于测量和可视化Fuzzer性能

https://hexgolems.com/2020/08/on-measuring-and-visualizing-fuzzer-performance/

15.CobaltStrike资源收集

https://github.com/zer0yu/Awesome-CobaltStrike

16.2020年年中数据泄露快速查看报告

https://pages.riskbasedsecurity.com/en/2020-mid-year-data-breach-quickview-report

17.如何通过Pass-the-PRT的攻击向云进行横向移动

https://blog.stealthbits.com/lateral-movement-to-the-cloud-pass-the-prt