2020.10.19-11.1 Weekly Security Digest


IoT vulnerabilities

•Remote Command Execution in Ruckus IoT Controller (CVE-2020-26878 & CVE-2020-26879)

https://adepts.of0x.cc/ruckus-vriot-rce/
Analysis of the Ruckus IoT Controller command execution vulnerabilities CVE-2020-26878 and CVE-2020-26879

•Interacting with a Serial Port

https://cybergibbons.com/hardware-hacking/interacting-with-a-serial-port/
Hardware serial port communication

CTF

•Using a PIE binary as a Shared Library — HCSC-2020 CTF Writeup

Writeup for the HCSC-2020 CTF reversing challenge "Baseline test"

Operating system vulnerabilities

•Explicit Is Always Good? Read the Story of CVE-2020-1034

https://blog.br0vvnn.io/pages/blogpost.aspx?id=2
Analysis of CVE-2020-1034, a Windows kernel privilege escalation vulnerability

•Let’s talk macOS Authorization

https://theevilbit.github.io/posts/macos_authorization/
Analysis of the macOS authorization mechanism

•Samsung S20 - RCE via Samsung Galaxy Store App

https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/
Analysis of the Samsung S20 RCE vulnerability

•Getting started in macOS security

https://theevilbit.github.io/posts/getting_started_in_macos_security/
Resources for macOS security research

•A story of three CVE’s in Ubuntu Desktop

https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html
Analysis of the Ubuntu vulnerabilities CVE-2020-15703, CVE-2020-16121 and CVE-2020-15238

•CVE-2020-16939: WINDOWS GROUP POLICY DACL OVERWRITE PRIVILEGE ESCALATION

https://www.zerodayinitiative.com/blog/2020/10/27/cve-2020-16939-windows-group-policy-dacl-overwrite-privilege-escalation
Analysis of CVE-2020-16939, a Windows Group Policy privilege escalation vulnerability

•UACMe 3.5, WD and the ways of mitigation

https://swapcontext.blogspot.com/2020/10/uacme-35-wd-and-ways-of-mitigation.html
Technical analysis of UAC bypasses

•Secure loading of libraries to prevent DLL preloading attacks

https://support.microsoft.com/en-in/help/2389418/secure-loading-of-libraries-to-prevent-dll-preloading-attacks
Defense mechanisms against DLL injection (preloading) attacks

•Issue 2104: Windows Kernel cng.sys pool-based buffer overflow in IOCTL 0x390400

https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
Analysis of a Windows kernel cng.sys pool overflow vulnerability

Vulnerability discovery

•AFLNet: A Greybox Fuzzer for Network Protocols

https://github.com/aflnet/aflnet
https://www.youtube.com/watch?v=Au3eO7mEI7E&feature=youtu.be
AFLNet, an open-source network protocol fuzzer, with an accompanying video

•Fuzzing (fuzz testing) tutorial: What it is and how can it improve application security?

https://www.techrepublic.com/article/fuzzing-fuzz-testing-tutorial-what-it-is-and-how-can-it-improve-application-security/
An interview with Dr. David Brumley (a professor at Carnegie Mellon University and CEO) about fuzzing

•Let’s build a high-performance fuzzer with GPUs!

https://blog.trailofbits.com/2020/10/22/lets-build-a-high-performance-fuzzer-with-gpus/
Building a high-performance fuzzer with GPUs

•Basic Buffer Overflow Guide

https://catharsis.net.au/blog/basic-buffer-overflow-guide/
Fuzzing a demo server to find a stack overflow vulnerability

•The Fuzzing Book

https://www.fuzzingbook.org/beta/
A good open e-book on fuzzing theory and practice

•How to check code coverage on Linux with gcov, lcov and gcovr

https://www.youtube.com/watch?v=rOXsKuW5xXw&feature=youtu.be
How to check code coverage on Linux

•Getting started with go-fuzz

https://adalogics.com/blog/getting-started-with-go-fuzz
An introduction to go-fuzz

Browser vulnerabilities

•Firefox Vulnerability Research

https://blog.exodusintel.com/2020/10/20/firefox-vulnerability-research/
Firefox vulnerability research

•Introducing Microsoft Edge preview builds for Linux

https://blogs.windows.com/msedgedev/2020/10/20/microsoft-edge-dev-linux/
Installing Microsoft Edge on Linux

•Exploiting a textbook use-after-free in Chrome

https://securitylab.github.com/research/CVE-2020-6449-exploit-chrome-uaf
https://github.com/github/securitylab/tree/main/SecurityExploits/Chrome/blink/CVE-2020-6449
Analysis and exploitation of a textbook use-after-free in Chrome

Virtualization escape vulnerabilities

•VMware ESXi SLP Use-After-Free Remote Code Execution Vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-20-1269/
Advisory for CVE-2020-3992, a VMware ESXi SLP use-after-free vulnerability

•DETAILING TWO VMWARE WORKSTATION TOCTOU VULNERABILITIES

https://www.zerodayinitiative.com/blog/2020/10/22/detailing-two-vmware-workstation-toctou-vulnerabilities
Analysis of the VMware Workstation TOCTOU vulnerabilities

•First Steps in Hyper-V Research

https://msrc-blog.microsoft.com/2018/12/10/first-steps-in-hyper-v-research
Hyper-V virtualization vulnerability research

•VM Forking and Hypervisor-based Fuzzing with Xen

https://www.slideshare.net/tklengyel/vm-forking-and-hypervisorbased-fuzzing-with-xen
Slides from OSSummit on VM forking and hypervisor-based fuzzing

Application vulnerabilities

•FRITZ!Box DNS Rebinding Protection Bypass

https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-003/-fritz-box-dns-rebinding-protection-bypass
DNS rebinding protection bypass

•AssaultCube RCE: Technical Analysis

https://medium.com/@elongl/assaultcube-rce-technical-analysis-e12dedf680e5
Analysis of the AssaultCube RCE vulnerability

•Discord Desktop app RCE

https://mksben.l0.cm/2020/10/discord-desktop-rce.html
Analysis of CVE-2020-15174, a Discord desktop app RCE vulnerability

•GitHub - RCE via git option injection (almost) - $20,000 Bounty

https://devcraft.io/2020/10/18/github-rce-git-inject.html
Analysis of the GitHub RCE via git option injection

•Insecure use of shell.openExternal

https://github.com/wireapp/wire-desktop/security/advisories/GHSA-5gpx-9976-ggpm
Analysis of a code execution vulnerability in the Wire desktop app

•SECRET FRAGMENTS: REMOTE CODE EXECUTION ON SYMFONY BASED WEBSITES

https://www.ambionics.io/blog/symfony-secret-fragment
Code execution vulnerability in the Symfony framework

•CVE-2020-17365 – Hotspot Shield VPN New Privilege Escalation Vulnerability

https://cymptom.com/cve-2020-17365-hotspot-shield-vpn-new-privilege-escalation-vulnerability/2020/10/
Analysis of CVE-2020-17365, a Hotspot Shield VPN privilege escalation vulnerability

•Gateway2Hell – Multiple Privilege Escalation Vulnerabilities in Citrix Gateway Plug-In

https://cymptom.com/gateway2hell-multiple-privilege-escalation-vulnerabilities-in-citrix-gateway-plug-in/2020/10/
Analysis of privilege escalation vulnerabilities in the Citrix Gateway Plug-In

•GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty

https://devcraft.io/2020/10/20/github-pages-multiple-rces-via-kramdown-config.html
Code execution on GitHub Pages via the Kramdown configuration

•Citrix ADC (Netscaler ADC) Multi-Factor Bypass

https://vdalabs.com/2020/10/26/citrix-adc-netscaler-adc-multi-factor-bypass/
Citrix ADC multi-factor authentication bypass

•Weblogic RCE by only one GET request — CVE-2020–14882 Analysis

https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
Analysis of CVE-2020-14882, a WebLogic RCE vulnerability

•Reversing Pulse Secure Client Credentials Store

https://quentinkaiser.be/reversing/2020/10/27/pule-secure-credentials/
Analysis of the Pulse Secure client credentials store

•Code vulnerabilities put health records at risk

https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
Analysis of the OpenEMR 5.0.2.1 RCE vulnerability

Tools

•Cloud Security Tools

https://cloudberry.engineering/tool/
A collection of cloud security tools

Other

•NSA Warns Chinese State-Sponsored Malicious Cyber Actors Exploiting 25 CVEs

https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
The 25 CVEs commonly exploited in cyberattacks attributed to China

•Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 1)

https://labs.bishopfox.com/industry-blog/cheating-at-online-video-games-part-1
Analysis of cheating mechanisms in online video games

•How Debuggers Work: Getting and Setting x86 Registers, Part 1

https://www.moritz.systems/blog/how-debuggers-work-getting-and-setting-x86-registers-part-1/
How debuggers work, part 1 of a series

•How Debuggers Work: Getting and Setting x86 Registers, Part 2: XSAVE

https://www.moritz.systems/blog/how-debuggers-work-getting-and-setting-x86-registers-part-2/
How debuggers work, part 2 of a series