Weekly Security Knowledge Digest, 2020.11.2 to 11.15


Vulnerability discovery

•Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

https://labs.sentinelone.com/moving-from-dynamic-emulation-of-uefi-modules-to-coverage-guided-fuzzing-of-uefi-firmware/
https://github.com/Sentinel-One/efi_fuzz
Feedback-driven (coverage-guided) fuzzing of UEFI firmware

•Fuzzing Go package using go-fuzz & libfuzzer

https://academy.fuzzinglabs.com/fuzzing-go-package-go-fuzz-libfuzzer
Fuzzing a Go package with go-fuzz and libfuzzer

•2020 LLVM Developers’ Meeting: E. Stepanov “Memory tagging in LLVM and Android”

https://www.youtube.com/watch?v=tqG9pr1K5G8
Memory tagging in LLVM and Android

•Instrumenting Adobe Reader with Frida

https://starlabs.sg/blog/2020/11/instrumenting-adobe-reader-with-frida/
Instrumenting Adobe Reader with Frida

IoT vulnerabilities

•Vulnerabilities and tools for the PAX Payment Devices, including D200, S80, S300, S800, S900, S920

https://git.lsd.cat/g/pax-pwn
Vulnerability analysis of PAX payment devices

•Silver Peak Unity Orchestrator RCE

https://medium.com/realmodelabs/silver-peak-unity-orchestrator-rce-2928d65ef749
Analysis of a code execution vulnerability in Silver Peak Unity Orchestrator

•TP-Link Takeover with a Flash Drive

https://medium.com/tenable-techblog/tp-link-takeover-with-a-flash-drive-d493666f6b39
Attacking a TP-Link router via a USB drive

•Extraordinary Vulnerabilities Discovered in TCL Android TVs, Now World’s 3rd Largest TV Manufacturer

https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/
Analysis of vulnerabilities in TCL Android TVs

Operating system vulnerabilities

•Fuzzing for eBPF JIT bugs in the Linux kernel

https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/
Fuzzing for eBPF JIT bugs and analysis of CVE-2020-27194

•Using the Linux Audit API to Track Processes

http://natanyellin.com/posts/using-linux-audit-to-track-processes/
Using the Linux Audit API to track processes

•Detecting Dynamic Loading in Android Applications With /proc/maps

https://sayfer.io/blog/dynamic-loading-in-android-applications-with-proc-maps/
Detecting dynamic loading in Android applications via /proc/maps

•Booting a macOS Apple Silicon kernel in QEMU

https://worthdoingbadly.com/xnuqemu3/
Booting macOS in QEMU

•[Linux Kernel Exploitation 0x0] Debugging the Kernel with QEMU

https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x0-debugging.html
First post in the Linux kernel exploitation series: debugging the kernel with QEMU

•Sleep Attack: Intel Bootguard vulnerability waking from S3

https://trmm.net/Sleep_attack/
Exploitation leveraging the Intel CPU S3 sleep state

•How to get root on Ubuntu 20.04 by pretending nobody’s /home

https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
Analysis of an Ubuntu 20.04 privilege escalation vulnerability

•Exploring the Exploitability of “Bad Neighbor”: The Recent ICMPv6 Vulnerability (CVE-2020-16898)

https://blog.zecops.com/vulnerabilities/exploring-the-exploitability-of-bad-neighbor-the-recent-icmpv6-vulnerability-cve-2020-16898/
Analysis of the ICMPv6 vulnerability (CVE-2020-16898)

•Intel Coverage Security and Management Engine

https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/intel-csme-security-white-paper.pdf
Intel Coverage Security and Management Engine white paper

•Windows RpcEptMapper Service Insecure Registry Permissions EoP

https://itm4n.github.io/windows-registry-rpceptmapper-eop/
Analysis of the Windows RpcEptMapper service local privilege escalation vulnerability

Browser vulnerabilities

•Try to in-place transition during map update

https://chromium.googlesource.com/v8/v8.git/+/3ba21a17ce2f26b015cc29adc473812247472776%5E%21/#F3
CVE-2020-16009: new V8 0-day

•Actions Speak Browser Than Words (Exploiting n-days for fun and profit)

https://www.youtube.com/watch?v=L7aiFKDg0Jk
maxpl0it's analysis of the exploitation process for IE and Firefox n-days

•[JSC] Assert Operation and HostFunction are in JITOperationsList

https://github.com/WebKit/webkit/commit/2ffeeff4dfb86a74ae695dea8671fccc423559ad
https://trac.webkit.org/search?q=JIT-caging
WebKit introduces a stronger JIT-caging mechanism

•JavaScriptCore Internals Part I: Tracing JavaScript Source to Bytecode

https://zon8.re/posts/jsc-internals-part1-tracing-js-source-to-bytecode/
Article analysing JSC from source code to bytecode

•V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion

https://bugs.chromium.org/p/project-zero/issues/detail?id=2106
V8 issue 2106: a vulnerability related to map deprecation

•WebAssembly compilation pipeline

https://v8.dev/docs/wasm-compilation-pipeline
Analysis of the WebAssembly compilation pipeline in V8

•Deep Dive into Site Isolation (Part 1)

https://microsoftedge.github.io/edgevr/posts/deep-dive-into-site-isolation-part-1/
Analysis of the Site Isolation implementation in Chrome

•[compiler] Fix use of HeapObjectMatcher

https://github.com/v8/v8/commit/27900f17b845b8881d8328ef70b1bccba8984bbc
V8 CVE-2020-16013 commit

•Firefox Vulnerability Research Part 2

https://blog.exodusintel.com/2020/11/10/firefox-vulnerability-research-part-2/
Second post in the Firefox vulnerability research series

•Warp: Improved JS performance in Firefox 83

https://hacks.mozilla.org/2020/11/warp-improved-js-performance-in-firefox-83/
The Warp feature in Firefox 83 greatly improves JS performance

Application vulnerabilities

•CVE-2020-16877: Exploiting Microsoft Store Games

https://labs.ioactive.com/2020/11/cve-2020-16877-exploiting-microsoft.html
Exploiting Microsoft Store games

•DIVING INTO A WEBSOCKET VULNERABILITY IN APACHE TOMCAT

https://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat/
Analysis of the Tomcat WebSocket vulnerability CVE-2020-13935

•Breaking The Facebook For Android Application

https://www.ash-king.co.uk/blog/facebook-bug-bounty-09-18
Analysis of a vulnerability in the Facebook app

•Attack of the clones: Git clients remote code execution

https://blog.blazeinfosec.com/attack-of-the-clones-github-desktop-remote-code-execution/
https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html
Git client code execution vulnerabilities

•Active SaltStack CVEs Announced

https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Analysis of the SaltStack code execution vulnerability CVE-2020-16846

•CVE-2020-16995: Microsoft Azure Network Watcher Linux Extension EoP

https://www.intezer.com/blog/cloud-security/cve-2020-16995-microsoft-azure-network-watcher-linux-extension/
Analysis of the Microsoft Azure Network Watcher privilege escalation vulnerability CVE-2020-16995

•SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html
Analysis of the CVE-2020-25705 DNS cache poisoning flaw

•apache-openoffice-rce-via-uno-links

https://github.com/irsl/apache-openoffice-rce-via-uno-links
PoC for the Apache OpenOffice RCE (CVE-2020-13958)

•Interesting case of SQLi

https://medium.com/@mrnikhilsri/interesting-case-of-sqli-84cc3f4a5255
SQLi case study

•Decrypting OpenSSH sessions for fun and profit

https://research.nccgroup.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/
Analysis of decrypting OpenSSH sessions

Tools

•CobaltStrike

https://github.com/Freakboy/CobaltStrike
CobaltStrike source code leak

Other

•Hacking in an epistolary way: implementing kerberoast in pure VBA

https://adepts.of0x.cc/kerberoast-vba-macro/
Implementing Kerberoast in VBA

•Let’s Encrypt issues new Root and Intermediate Certificates

https://scotthelme.co.uk/lets-encrypts-new-root-and-intermediate-certificates/
Analysis of the new certificates

•The Art of the Honeypot Account: Making the Unusual Look Normal

https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normal
Tips for setting up honeypot accounts

•China and Vulnerability Research

https://medium.com/@thegrugq/china-and-vulnerability-research-dc617c993c4e
https://medium.com/@thegrugq/cyber-security-motivations-guessing-game-cbb404728ec7
A study of the state of vulnerability research in China

•The Chromium Projects Quarterly Updates

https://www.chromium.org/Home/chromium-security/quarterly-updates
Quarterly updates from the Google security team

•Oops, I missed it again!

https://googleprojectzero.blogspot.com/2020/11/oops-i-missed-it-again.html
Project Zero's write-up on code it had researched before without finding the bug, and only learned of the vulnerability once the patch was published

•Hunting for Malicious Packages on PyPI

https://jordan-wright.com/blog/post/2020-11-12-hunting-for-malicious-packages-on-pypi/
Analysis of malicious packages on PyPI