Weekly security digest, 2020.11.15 - 11.22


IoT vulnerabilities

•SD-PWN Part 2 — Citrix SD-WAN Center — Another Network Takeover

https://medium.com/realmodelabs/sd-pwn-part-2-citrix-sd-wan-center-another-network-takeover-a9c950a1a27c
Vulnerability analysis of Citrix SD-WAN Center

Browser vulnerabilities

•Modern attacks on the Chrome browser : optimizations and deoptimizations

https://doar-e.github.io/blog/2020/11/17/modern-attacks-on-the-chrome-browser-optimizations-and-deoptimizations/
New doar-e article on how V8 works, with an analysis of Chromium Issue 1016450

•CVE-2020-17053: Use-After-Free IE Vulnerability

https://www.trendmicro.com/en_us/research/20/k/cve-2020-17053-use-after-free-ie-vulnerability.html
Analysis of CVE-2020-17053, a use-after-free vulnerability in Internet Explorer

Vulnerability discovery

•restler-fuzzer

https://www.microsoft.com/en-us/research/blog/restler-finds-security-and-reliability-bugs-through-automated-fuzzing/?OCID=msr_blog_restler_tw
https://github.com/microsoft/restler-fuzzer
Microsoft open-sourced its REST API fuzzing tool

•UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities

https://securityonline.info/uafuzz/
A binary-level directed fuzzing framework aimed at finding use-after-free bugs

•NYX: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types

https://www.usenix.org/system/files/sec21summer_schumilo.pdf
USENIX Security paper on hypervisor fuzzing

•PhD Thesis: Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters

https://sean.heelan.io/2020/11/18/phd-thesis-greybox-automatic-exploit-generation-for-heap-overflows-in-language-interpreters/
PhD thesis on automatic exploit generation for heap overflows in language interpreters

Application vulnerabilities

•CVE-2020-26217: XStream can be used for Remote Code Execution.

https://x-stream.github.io/CVE-2020-26217.html
CVE-2020-26217: remote code execution vulnerability in XStream

•Attacking JSON Web Tokens (JWTs)

https://medium.com/bugbountywriteup/attacking-json-web-tokens-jwts-d1d51a1e17cb
Attacking and exploiting JSON Web Tokens
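As an added worked example (not code from the Medium write-up linked above), the classic JWT algorithm-confusion case: a verifier that lets the token's own header choose the algorithm accepts a forged unsigned `alg: none` token, while a verifier that pins the allowed algorithm server-side rejects it. The secret, the claims and the function names are constructed for this illustration only.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; not taken from any real system.
SECRET = b"constructed-demo-secret"


def _b64url_encode(raw: bytes) -> str:
    # JWT uses unpadded base64url segments
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding the token dropped before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _json_segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a legitimate HS256 token: header.payload.HMAC-SHA256(header.payload)."""
    signing_input = f"{_json_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_json_segment(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_naive(token: str, key: bytes) -> dict:
    """Vulnerable verifier: honours whatever 'alg' the attacker put in the header."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") == "none":
        # Unsigned token accepted as-is: the claims are attacker-controlled.
        return json.loads(_b64url_decode(p))
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(p))


def verify_strict(token: str, key: bytes, allowed_algs=("HS256",)) -> dict:
    """Hardened verifier: the server decides the algorithm, never the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") not in allowed_algs:
        raise ValueError(f"algorithm {header.get('alg')!r} not allowed")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(p))


def forge_alg_none(token: str, **overrides) -> str:
    """Attacker step: reuse the payload, change claims, set alg=none, drop the signature."""
    _, p, _ = token.split(".")
    claims = json.loads(_b64url_decode(p))
    claims.update(overrides)
    return f"{_json_segment({'alg': 'none', 'typ': 'JWT'})}.{_json_segment(claims)}."


if __name__ == "__main__":
    good = sign_hs256({"sub": "alice", "admin": False}, SECRET)
    forged = forge_alg_none(good, admin=True)
    print("naive verifier accepts forged token:", verify_naive(forged, SECRET))
    try:
        verify_strict(forged, SECRET)
    except ValueError as exc:
        print("strict verifier rejects forged token:", exc)
```

The strict verifier also rejects a token whose payload was edited but whose original signature was kept, which is the second check an attacker's first tampering attempt will usually run into.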

•RCE via Server-Side Template Injection

https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae
Achieving RCE through server-side template injection

•Consul by HashiCorp: from Infoleak to RCE

https://lab.wallarm.com/consul-by-hashicorp-from-infoleak-to-rce
HashiCorp Consul: from information leak to RCE

Operating system vulnerabilities

•Issue 2073: Samsung NPU (Neural Processing Unit) memory corruption in shared memory parsing

https://bugs.chromium.org/p/project-zero/issues/detail?id=2073
Samsung NPU memory corruption vulnerability that can lead to privilege escalation

•Jailbreaks Never Die: Exploiting iOS 13.7

https://cyberweek.ae/materials/2020/D2T1%20-%20Jailbreaks%20Never%20Die%20-%20Exploiting%20iOS%2013.7.pdf
Slides introducing iOS 13.7 jailbreak techniques

•Running code in the context of iOS Kernel: Part I + LPE POC on iOS 13.7

https://blog.zecops.com/vulnerabilities/running-code-in-the-context-of-ios-kernel-part-i-lpe-poc-on-ios-13-7/
Code execution in the iOS kernel context, with an LPE PoC on iOS 13.7

Tools

•MiraclePtr and *Scan - preventing exploitation of UaF bugs (BlinkOn 13)

https://www.youtube.com/watch?v=ohlxw5kDn-k&list=PL9ioqAuyl6UJ_1hPrSWD1LpaIAeF9aaJi&index=18
How MiraclePtr mitigates exploitation of use-after-free bugs

Other

•Customizing C2-Frameworks for AV-Evasion

https://s3cur3th1ssh1t.github.io/Customizing_C2_Frameworks/
Customizing C2 frameworks to evade antivirus

•Does Apple really log every app you run? A technical look

https://blog.jacopo.io/en/post/apple-ocsp/
Technical analysis of Apple's app-launch logging (OCSP) claims

•0day “In the Wild”

https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786
Google's spreadsheet tracking 0-days exploited in the wild in 2020

•Dynamic Invocation in .NET to bypass hooks

https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/
Research on dynamic invocation in .NET to bypass hooks