(Repost) Weekly Security Knowledge Digest, 2020.8.31 to 9.6
Reposted from
Virtualization escape vulnerabilities
• hyperv_local_dos_poc
  https://github.com/gerhart01/hyperv_local_dos_poc
  Hyper-V DoS PoC
IoT vulnerabilities
• Cisco warns of actively exploited IOS XR zero-day
  https://www.zdnet.com/article/cisco-warns-of-actively-exploited-ios-xr-zero-day/
  Advisory for CVE-2020-3566 in Cisco IOS XR
• JTAG Explained (finally!): Why “IoT”, Software Security Engineers, and Manufacturers Should Care
  https://blog.senr.io/blog/jtag-explained
  An article explaining JTAG
• pulse-gosecure-rce.py
  https://github.com/withdk/pulse-gosecure-rce-poc/blob/master/pulse-gosecure-rce.py
  Pulse Secure RCE (CVE-2020-8218) exploit
• Emulating NotPetya bootloader with Miasm
  https://aguinet.github.io/blog/2020/08/29/miasm-bootloader.html
  Emulating the NotPetya bootloader with Miasm
• WATCHCOM SECURITY GROUP UNCOVERS CISCO JABBER VULNERABILITIES
  https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
  Analysis of Cisco Jabber vulnerabilities
Vulnerability discovery
• Grammar-Mutator
  https://github.com/AFLplusplus/Grammar-Mutator
  A grammar-based custom mutator for AFL++
• The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects
  https://arxiv.org/pdf/2009.01694.pdf
  Vulnerability discovery in open-source frameworks
Exploitation
• The Current State of Exploit Development, Part 1
  https://www.crowdstrike.com/blog/state-of-exploit-development-part-1/
Application vulnerabilities
• CVE-2020-5412: Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
  https://tanzu.vmware.com/security/cve-2020-5412
  SSRF vulnerability CVE-2020-5412 in spring-cloud-netflix-hystrix-dashboard
• Privilege Escalation in AWS Elastic Kubernetes Service (EKS) by compromising the instance role of worker nodes
  https://blog.christophetd.fr/privilege-escalation-in-aws-elastic-kubernetes-service-eks-by-compromising-the-instance-role-of-worker-nodes/
  Analysis of a privilege escalation issue in AWS Elastic Kubernetes Service
Browser vulnerabilities
• CVE-2020-1380: Analysis of Recently Fixed IE Zero-Day
  https://www.trendmicro.com/en_us/research/20/h/cve-2020-1380-analysis-of-recently-fixed-ie-zero-day.html
  Analysis of IE vulnerability CVE-2020-1380
• Deserialization Bugs In The Wild
  https://vkili.github.io/blog/insecure%20deserialization/deserialization-in-the-wild/
  Analysis of deserialization vulnerabilities
• Java Buffer Overflow with ByteBuffer (CVE-2020-2803) and Mutable MethodType (CVE-2020-2805) Sandbox Escapes
  https://insinuator.net/2020/09/java-buffer-overflow-with-bytebuffer-cve-2020-2803-and-mutable-methodtype-cve-2020-2805-sandbox-escapes/
  Analysis of Java vulnerabilities CVE-2020-2803 and CVE-2020-2805
• Lock screen/Bitlocker bypass/elevation of privilege in Bitlocker
  https://docs.google.com/document/d/1S4jU7knBG_Km_AdHXf8JyE8zl0SOxQ9VvYFPanQy1g8/edit#heading=h.uqom8ty4aoh7
  Analysis of a BitLocker privilege escalation vulnerability
• Diving into unserialize()
  https://vkili.github.io/blog/insecure%20deserialization/unserialize/
  Analysis of PHP's unserialize() function
• spring-view-manipulation
  https://github.com/veracode-research/spring-view-manipulation
  Analysis of view security in the Spring Framework
• Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
  https://unit42.paloaltonetworks.com/cve-2020-17496/
  Analysis of vBulletin pre-auth RCE vulnerability CVE-2020-17496
• CVE-2020-9715: EXPLOITING A USE-AFTER-FREE IN ADOBE READER
  https://www.zerodayinitiative.com/blog/2020/9/2/cve-2020-9715-exploiting-a-use-after-free-in-adobe-reader
  Analysis of Adobe Reader use-after-free CVE-2020-9715
• Vulnerability Discovery in Open Source Libraries: Analyzing CVE-2020-11863
  https://www.mcafee.com/blogs/other-blogs/mcafee-labs/vulnerability-discovery-in-open-source-libraries-analyzing-cve-2020-11863/
  Analysis of libEMF vulnerability CVE-2020-11863
• How Do Generators… Generate, In SpiderMonkey?
  https://www.mgaudet.ca/technical/2020/9/1/how-do-generators-generate-in-spidermonkey
  How generators work in SpiderMonkey
• Exploit for https://bugs.chromium.org/p/chromium
  https://www.youtube.com/watch?v=trEQJgliUck&feature=youtu.be
• JITSploitation I: A JIT Bug
  https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html
• SIMPLE BUGS WITH COMPLEX EXPLOITS
  https://www.elttam.com/blog/simple-bugs-with-complex-exploits/#content
  Detailed analysis of V8 issue 2046
Operating system vulnerabilities
• CVE-2020-7460: FREEBSD KERNEL PRIVILEGE ESCALATION
  https://www.zerodayinitiative.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation
  Analysis of FreeBSD kernel privilege escalation CVE-2020-7460
• Advancing Windows Security
  https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE37dMC
  Slides on Windows security mechanisms presented at BlueHat Shanghai 2019 by a Microsoft OS Security group manager
• DNS Server remote code execution (CVE-2020-1350) [with demo video]
  https://mp.weixin.qq.com/s__biz=MzUyMDEyNTkwNA==&mid=2247484522&idx=1&sn=502839af26daa450f644488d75f42cc7&chksm=f9ee68d5ce99e1c37960b7909b5e5cc40f38c9b71711309ee679f0819c10218c1f411976ad6c&scene=126&sessionid=1598960570&key=7adf10a6617c6315506261e47c83d49da426185a83a97372680c51010cd9f8a9b7d827f8ce99f66a6a037a0e51e31792a56cebcaeb5dc0397f92e90c443832a945cc89d1d4fc750e1cd43c30783fc7f9e08c7694e22d7f0dc1bff61b42ff65d359c70b50ecbe5031962b57b47eda33f6e7a61941d4c2016c630eeeddbfe5840a&ascene=1&uin=MTE1NDEwMjc3NA%3D%3D&devicetype=Windows+10+x64&version=62090514&lang=en&exportkey=A9HOqRA5mpcUuAp59geFMeQ%3D&pass_ticket=C6B3Q%2FKQ1%2FUbGev7ZeEeTKkGew3nmNhXz3pU3Wex0luSd%2FRuu%2BJ716bUqCZs4JbG
• CVE-2020-0986: Windows splwow64 Untrusted Pointer Dereference
  https://googleprojectzero.blogspot.com/p/rca-cve-2020-0986.html
  Project Zero's analysis of Windows privilege escalation vulnerability CVE-2020-0986
• security things in Linux v5.6
  https://outflux.net/blog/archives/2020/09/02/security-things-in-linux-v5-6/
  Overview of the security features in Linux v5.6
• Exploit Protection Reference
  https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference
  Microsoft's official documentation of Windows exploit protection mechanisms
• Bypass AMSI by manual modification
  https://s3cur3th1ssh1t.github.io/Bypass_AMSI_by_manual_modification/
  Bypassing the AMSI mechanism
• Windows 10 x64 1909 (OS Build 18363.719) • 10.0.18362.719 (WinBuild.160101.0800) • Out Of Bound Read and Write
  https://cpr-zero.checkpoint.com/vulns/cprid-2154/
  Analysis of CVE-2020-1247
• Operation PowerFall: CVE-2020-0986 and variants
  https://securelist.com/operation-powerfall-cve-2020-0986-and-variants/98329/
  Analysis of CVE-2020-0986
• This Font is not Your Type
  https://starlabs.sg/blog/2020/09/this-font-is-not-your-type/
  Analysis of font-parsing vulnerabilities in the libFontParser.dylib library on Apple platforms
Other
• Reverse Engineering: Marvel’s Avengers - Developing a Server Emulator
  https://krystalgamer.github.io/avengers-emulator/
  Reverse engineering Marvel's Avengers
• Malware Development Pt. 1: Dynamic Module Loading in Go
  https://posts.specterops.io/malware-development-pt-1-dynamic-module-loading-in-go-1121f07f3a5a
  Dynamic module loading in Go
• AN EXHAUSTIVELY-ANALYZED IDB FOR COMRAT V4
  https://www.msreverseengineering.com/blog/2020/8/31/an-exhaustively-analyzed-idb-for-comrat-v4
  Reverse engineering of ComRAT v4
• The Art of Port Scanning
  http://phrack.org/issues/51/11.html
  The article on port scanning that the nmap team published in Phrack magazine 23 years ago
• Injecting to Remote Process via Thread Hijacking
  https://www.ired.team/offensive-security/code-injection-process-injection/injecting-to-remote-process-via-thread-hijacking
  Process injection via thread hijacking