(Repost) Weekly Security Knowledge Digest, 2020.8.24-8.30
Reposted from:
IoT vulnerabilities
• CVE-2020-10611: ACHIEVING CODE EXECUTION ON THE TRIANGLE MICROWORKS SCADA DATA GATEWAY
  https://www.zerodayinitiative.com/blog/2020/8/24/cve-2020-10611-achieving-code-execution-on-the-triangle-microworks-scada-data-gateway (analysis of CVE-2020-10611, an RCE vulnerability in the Triangle MicroWorks SCADA Data Gateway)
• CISCO ISE < 1.5 PASSWORDS DECRYPTION
  https://www.synacktiv.com/publications/cisco-ise-15-passwords-decryption.html (analysis of password decryption in Cisco ISE < 1.5)
• Forget Your Perimeter: RCE in Pulse Connect Secure (CVE-2020-8218)
  https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/ (analysis of the Pulse Connect Secure RCE vulnerability CVE-2020-8218)
Vulnerability discovery
• js-fuzzer
  https://source.chromium.org/chromium/chromium/src/+/master:v8/tools/clusterfuzz/js_fuzzer/ (newly open-sourced JS fuzzer)
• Improving Coverage Guided Fuzzing, Using Static Analysis
  https://repret.wordpress.com/2017/05/01/improving-coverage-guided-fuzzing-using-static-analysis/ (using static analysis to improve coverage-guided fuzzing)
• Fuzzing the Linux kernel (x86) entry code, Part 1 of 3
  https://blogs.oracle.com/linux/fuzzing-the-linux-kernel-x86-entry-code%2c-part-1-of-3 (article series on fuzzing the Linux kernel)
• Damn_Vulnerable_C_Program
  https://github.com/hardik05/Damn_Vulnerable_C_Program (demo program for learning vulnerability discovery with AFL)
• AFL fuzz tutorial series and videos
  https://hardik05.wordpress.com/tag/afl/
Browser vulnerabilities
• Cleanly Escaping the Chrome Sandbox
  https://theori.io/research/escaping-chrome-sandbox/ (analysis of the sandbox escape vulnerability in Issue 1062091)
• JavaScript Engine Fuzzing and Exploitation Reading List
  https://zon8.re/posts/javascript-engine-fuzzing-and-exploitation-reading-list/ (resources on JavaScript engine fuzzing and exploitation)
• Stealing local files using Safari Web Share API
  https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html (obtaining local files through the Safari Web Share API)
• CVE-2019-17026-Exploit
  https://github.com/maxpl0it/CVE-2019-17026-Exploit
  https://labs.f-secure.com/blog/exploiting-cve-2019-17026-a-firefox-jit-bug/ (exploit and analysis of CVE-2019-17026, a Firefox JIT vulnerability)
• CVE-2020-1380: Analysis of Recently Fixed IE Zero-Day
  https://www.trendmicro.com/en_us/research/20/h/cve-2020-1380-analysis-of-recently-fixed-ie-zero-day.html (analysis of CVE-2020-1380, an IE vulnerability)
Application vulnerabilities
• Demystifying Insecure Deserialization in PHP
  https://medium.com/bugbountywriteup/demystifying-insecure-deserialization-in-php-684cab9c4d24 (research on PHP deserialization)
• LEARNING ABOUT STRUCTURE-AWARE FUZZING AND FINDING JSON BUGS TO BOOT
  https://blog.forallsecure.com/learning-about-structure-aware-fuzzing-and-finding-json-bugs-to-boot?utm_content=138198210&utm_medium=social&utm_source=twitter&hss_channel=tw-1568510322 (finding bugs in JSON parsers)
• Grafana <= 6.4.3 Arbitrary File Read
  https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/ (analysis of the Grafana <= 6.4.3 arbitrary file read vulnerability)
• Now you C me, now you don’t: An introduction to the hidden attack surface of interpreted languages
  https://securitylab.github.com/research/now-you-c-me (analysis of the attack surface of interpreted languages)
• IDS Bypass contest at PHDays: writeup and solutions
  http://blog.ptsecurity.com/2019/07/ids-bypass-contest-at-phdays-writeup.html?fbclid=IwAR2-v_v_NcjWYJ9iVvcc1yWAt3pyMKnzboV622QMI9NI3CKYyqn6HIRrjZ8 (summary of intrusion detection system bypass methods)
• Remote Code Execution in Slack desktop apps + bonus
  https://hackerone.com/reports/783877 (Slack remote command execution vulnerability)
Virtualization escape vulnerabilities
• A Tale of Escaping a Hardened Docker container
  https://www.redtimmy.com/docker/a-tale-of-escaping-a-hardened-docker-container/ (analysis of a Docker container escape vulnerability)
• Oracle VirtualBox VBoxVHWAHandleTable Out-Of-Bounds Access Privilege Escalation
  https://starlabs.sg/advisories/20-2682/ (CVE-2020-2682, an out-of-bounds access privilege escalation vulnerability)
Operating system vulnerabilities
• Part 2: Step-by-step iPhone Setup for iOS Research
  https://www.mac4n6.com/blog/2020/8/23/step-by-step-iphone-setup-for-ios-research-via-bizzybarney (setting up an iOS research environment)
• Reverse engineering and modifying an Android game (.apk) — CTF
  https://medium.com/swlh/reverse-engineering-and-modifying-an-android-game-apk-ctf-c617151b874c (Android APK reverse engineering)
• Reverse Engineering The Medium App (and making all stories in it free)
  https://medium.com/hackernoon/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687 (reverse engineering and cracking the Medium app)
• Android Apk Reverse Engineering
  https://medium.com/@chris.yn.chen/apk-reverse-engineering-df7ed8cec191 (Android APK reverse engineering)
• A Voyage to Uncovering Telemetry: Identifying RPC Telemetry for Detection Engineers
  https://ipc-research.readthedocs.io/en/latest/subpages/RPC.html (Windows RPC research report)
• MMS Exploit Part 5: Defeating Android ASLR, Getting RCE
  https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating-aslr-getting-rce.html (from analysis of the Android ASLR mechanism to RCE)
• Oversecured automatically discovers persistent code execution in the Google Play Core Library
  https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/ (discovery and analysis of a Google Play Core Library vulnerability)
Tools
• serpentine
  https://github.com/jafarlihi/serpentine (serpentine, a Windows remote control tool)
Other
• Advanced Binary Deobfuscation
  https://github.com/malrev/ABD (advanced binary deobfuscation course)
• Bypassing Antivirus with Golang – Gopher it!
  https://labs.jumpsec.com/2019/06/20/bypassing-antivirus-with-golang-gopher-it/ (bypassing antivirus software with Golang)