Today's digest: CoinMiner and other cryptominers targeting Android (Google Play apps); Grim IoT Reaper: 1-day and 0-day vulnerabilities at the service of botnets; analysis of the Kaseya VSA mining payload; reversing a Burp keygen (burp-loader-keygen1.7.31.jar) that turns out to be malware; TheMoon: a botnet's history and new variants; an information disclosure vulnerability in Hotspot Shield; CVE-2018-18078: systemd-tmpfiles root privilege escalation; exploiting VyprVPN for macOS; enumerating remote access policies through GPO; analysis of several stack disclosure vulnerabilities in FreeBSD; PHP source debugging: analysis of Windows filename wildcards; and more, along with introductions to some useful tools.
Finally, don't forget to look at today's image: Cisco VPN has a remote vulnerability rated CVSS 10!

1. CoinMiner and other malicious cryptominers targeting Android (Google Play app)
https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-coinminer-and-other-malicious-cryptominers-tpna.aspx

2. Grim IoT Reaper: 1- and 0-day vulnerabilities at the service of botnets
https://embedi.com/blog/grim-iot-reaper-1-and-0-day-vulnerabilities-at-the-service-of-botnets/

3. Technical analysis of the Kaseya VSA mining payload, with details on the new registry keys and the backdoored Scheduled Task
https://medium.com/huntresslabs/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88

4. Reversing a Burp Keygen (burp-loader-keygen1.7.31.jar), guess what? It's malware!
https://0x00sec.org/t/malware-reversing-burpsuite-keygen/5167

5. Have your CAD drawings been stolen?
http://www.freebuf.com/articles/database/161074.html

6. TheMoon: a botnet's history and new variants
http://blog.netlab.360.com/themoon-botnet-a-review-and-new-features/

7. Hotspot Shield Information Disclosure
https://blogs.securiteam.com/index.php/archives/3604

8. CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0
http://seclists.org/oss-sec/2018/q1/115

9. Exploiting VyprVPN for macOS
https://versprite.com/og/exploiting-vypervpn-macos/

10. Enumerating remote access policies through GPO
https://labs.mwrinfosecurity.com/blog/enumerating-remote-access-policies-through-gpo/

11. Analysis of stack disclosure vulnerabilities in FreeBSD compatibility layers
https://cturt.github.io/compat-info-leaks.html

12. Escape Analysis in Turbofan
https://docs.google.com/presentation/d/1YdpdI1aeBnlchyAYvjw1Alm3QcoenPm6x4D7DA4pQUY/edit

13. Analysis of anti-debugging and hook detection in enterprise packers
http://www.freebuf.com/articles/es/160656.html

14. A first look at reverse engineering Unity3D-based Android games
https://mp.weixin.qq.com/s/92z8oMpvvcDmp3vaqeD7mw

15. PHP source debugging: analysis of Windows filename wildcards
https://xianzhi.aliyun.com/forum/topic/2004

16. 2017 Windows vulnerability roundup report
http://www.freebuf.com/column/161717.html

17. A collection of resources on Python security and code auditing
https://github.com/bit4woo/python_sec

18. How I could have hacked Facebook Analytics to view any Facebook page's Analytics - $7500
http://whitehatstories.blogspot.in/2018/01/how-i-could-have-hacked-facebook.html

Tool# ver-observer: a general-purpose tool for detecting the versions of web dependencies
https://github.com/neargle/ver-observer

Tool# Linux Kernel Runtime Guard (LKRG) is a loadable kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.
http://www.openwall.com/lkrg/

Tool# AutoRepeater: Automated HTTP Request Repeating With Burp Suite
https://github.com/nccgroup/AutoRepeater

Tool# Drop is an experimental IDA Pro plugin capable of detecting several types of opaque predicates in obfuscated binaries by making use of the symbolic-execution engine angr and its components.
https://github.com/Riscure/DROP-IDA-plugin

Tool# PSScriptAnalyzer ships with a collection of built-in rules that check various aspects of PowerShell code, such as the presence of uninitialized variables, usage of the PSCredential type, usage of Invoke-Expression, etc.
https://github.com/PowerShell/PSScriptAnalyzer
