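Today's digest: Comnie continues to target East Asia; the Operation Arabian Night attack group's global expansion (cyber attacks against South Korean cryptocurrency exchanges); GandCrab ransomware distributed through RIG and GrandSoft; a new variant of Scarab ransomware; a JS miner using ad distribution platforms to attack internet users in Jiangsu and Hunan on a large scale; a directory traversal vulnerability in the Oracle MICROS POS system (PoC released); a sandbox bypass vulnerability in Chromium; the EMET attack surface in Windows 10 RS3; using Visual Studio Tools for Office to bypass whitelisting restrictions; an article that teaches you how to get started researching iPhone jailbreak techniques; the 2017 annual supply chain attack report; and more, plus tool introductions such as IDS protection rules for the Cisco ASA RCE.
Remember to look at the posted images too!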

1. Comnie Continues to Target Organizations in East Asia
https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/

2. Operation Arabian Night Attack Group Global Expansion (cyber attacks against South Korean cryptocurrency exchanges)
https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.alyac.co.kr%2F1519&edit-text=&act=url

3. GandCrab ransomware distributed by RIG and GrandSoft exploit kits
https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/

4. Scarab ransomware: new variant changes tactics
https://blog.malwarebytes.com/threat-analysis/2018/01/scarab-ransomware-new-variant-changes-tactics/

5. JS cryptocurrency miner uses ad distribution platforms to attack internet users in Jiangsu and Hunan on a large scale
http://www.freebuf.com/column/161844.html

6. Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html

7. Oracle MICROS POS system directory traversal vulnerability (CVE-2018-2636)
https://erpscan.com/press-center/blog/oracle-micros-pos-breached/

Tool#PoC - Oracle MICROS POS system directory traversal vulnerability
https://github.com/erpscanteam/CVE-2018-2636

9. Chromium: Sandbox escape via exposed "filesystem::mojom::Directory" mojo interface in "catalog" service
https://bugs.chromium.org/p/project-zero/issues/detail?id=1450

10. The EMET Attack Surface Reduction Replacement in Windows 10 RS3: The Good, the Bad, and the Ugly
https://posts.specterops.io/the-emet-attack-surface-reduction-replacement-in-windows-10-rs3-the-good-the-bad-and-the-ugly-34d5a253f3df

11. Code audit of the black-market industry chain behind "chicken dinner" (PUBG) cheat tools
http://www.freebuf.com/articles/system/161518.html

12. Java code audit: 团队CMS (Team CMS) v1.0
http://foreversong.cn/archives/1033

13. Visual Studio Tools for Office (VSTO): The Payload Installer That Probably Defeats Your Application Whitelisting Rules
https://bohops.com/2018/01/31/vsto-the-payload-installer-that-probably-defeats-your-application-whitelisting-rules/

14. Modern exploitation techniques in jailbreaking
http://blog.tihmstar.net/2018/01/modern-post-exploitation-techniques.html

15. Running latest x64 Mimikatz on Windows 10
https://astr0baby.wordpress.com/2018/01/30/running-latest-x64-mimikatz-on-windows-10/

16. Learning PWN: the "house of" series (Part 1)
https://paper.seebug.org/521/

17. Windows Privilege Escalation Guide
http://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/

18. Internals of AFL fuzzer - Compile Time Instrumentation
https://tunnelshade.in/blog/2018/01/afl-internals-compile-time-instrumentation/

19. An "alternative" way to launch Alipay red packets from WeChat
https://mp.weixin.qq.com/s/XSdxUghCDAfCeaeYghruOQ

20. 2017 annual security report: supply chain attacks
https://www.anquanke.com/post/id/96721

Tool#Cisco ASA RCE / CVE-2018-0101 IDS Signatures
https://gist.github.com/fox-srt/09401dfdfc15652b22956b9cc59f71cb

Tool#AliVcode: recognition of various slider CAPTCHAs, non-simulated
https://github.com/leng-yue/AliVcode

Tool#Quick Android Review Kit - This tool is designed to look for several security-related Android application vulnerabilities, either in source code or packaged APKs.
https://github.com/linkedin/qark

Tool#Tool Analysis Result Sheet: summarizes the results of examining logs recorded in Windows upon execution of the 49 tools which are likely to be used by the attacker that has infiltrated a network.
https://jpcertcc.github.io/ToolAnalysisResultSheet/

Tool#SocialFish v1.0: Ultimate phishing tool with Ngrok integrated.
https://github.com/UndeadSec/SocialFish

Tool#Infoga is a tool for gathering e-mail account information (IP, hostname, country, ...) from different public sources (search engines, PGP key servers)
https://github.com/m4ll0k/Infoga

Tool#kDriver Fuzzer: a driver vulnerability discovery tool built on the ioctlbf framework
https://github.com/k0keoyo/kDriver-Fuzzer
