Today's highlights: analysis of OSX/CreativeUpdater, macOS malware distributed via macupdate.com; technical analysis of the new Mindlost ransomware; analysis of a PlugX variant and its builder; a WordPress DoS vulnerability and its PoC; details of the Cisco VPN 0-day vulnerability and its crash PoC; an authorization flaw in the Grammarly Chrome extension (about 22M users); the Jackson dbcp gadget and CVE-2018-5968; a code audit of a front-end getshell in an open-source shopping mall system; a new method of covert-channel data exchange via the public key certificate standard (X.509); how to build your own DNS log monitoring system; the 2017 survey report on the state of information security practitioners in China; the 2017 TOP list of public tenders for "information security" projects; and more.

1、New Flash Player zero-day comes inside Office document
https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/

2、Analyzing OSX/CreativeUpdater - a macOS cryptominer, distributed via macupdate.com
https://objective-see.com/blog/blog_0x29.html

3、Technical analysis of the new Mindlost ransomware
https://mp.weixin.qq.com/s/dEpW-pV51Z6fSdXu9pmEvQ

4、Analysis about a variant of PlugX and its builder.
https://countuponsecurity.com/2018/02/04/malware-analysis-plugx/

5、How to DoS 29% of the World Wide Websites - CVE-2018-6389
https://baraktawily.blogspot.in/2018/02/how-to-dos-29-of-world-wide-websites.html

Tool#PoC of CVE-2018-6389
https://github.com/quitten/doser.py

7、Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability (details)
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/events/2018/february/recon-brussels/

Tool#Cisco ASA CVE-2018-0101 Crash PoC
https://pastebin.com/YrBcG2Ln

9、The Grammarly Chrome extension (approx. 22M users) exposes its auth tokens to all websites
https://bugs.chromium.org/p/project-zero/issues/detail?id=1527&desc=2

10、Jackson dbcp gadget and CVE-2018-5968
http://blog.csdn.net/u011721501/article/details/79257709

11、yxcms: from pseudo-XSS to getshell
https://xianzhi.aliyun.com/forum/topic/2025

12、Code audit of a front-end getshell in an open-source shopping mall system
http://www.cnblogs.com/r00tuser/p/8417806.html

13、CVE-2017-15944 Palo Alto firewall remote code execution: constructing an EXP
https://d0n9.github.io/2018/01/26/CVE-2017-15944%20Palo%20Alto%E9%98%B2%E7%81%AB%E5%A2%99%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%9E%84%E9%80%A0%20EXP/

14、Attacking the Nintendo 3DS Boot ROMs
https://arxiv.org/pdf/1802.00359.pdf

15、A new method of covert channel data exchange using a well-known and widely implemented public key certificate standard (X.509), used in both TLS and SSL cryptographic Internet protocol implementations
https://www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities

16、How to bypass WAFs with a multi-encoded document
https://mohemiv.com/all/evil-xml/

17、How to Build Your Own DNS Sinkhole and DNS Logs Monitoring System
https://www.politoinc.com/single-post/2018/02/05/How-to-Build-Your-Own-DNS-Sinkhole-and-DNS-Logs-Monitoring-System

18、Android Malware Reverse Engineering
http://wikisec.free.fr/papers/androidre-insomnihack2017.pdf

19、One-person security department: ingesting Palo Alto logs with ELK and alerting via DingTalk
http://www.freebuf.com/articles/others-articles/161905.html

20、Kubernetes Security Best Practices
https://speakerdeck.com/ianlewis/kubernetes-security-best-practices

21、Survey report on the current state of information security practitioners in China (2017)
http://www.itsec.gov.cn/zxxw/201802/P020180205605590661043.pdf

22、2017 TOP list of public tenders for "information security" projects
https://mp.weixin.qq.com/s/ajDCSfVmw94GjPkuVSq_fw

23、SecWiki Weekly (2018/01/29-2018/02/04)
https://www.sec-wiki.com/weekly/205

24、Cyber Threat Intelligence Summit & Training 2018 PPT
https://www.sans.org/summit-archives/dfir

25、How I found IDOR on Twitter’s Acquisition – Mopub.com
https://blog.securitybreached.org/2018/02/05/how-i-found-idor-on-twitters-acquisition-mopub-com/

Tool#PoC of CVE-2017-12542 - HP iLO heap buffer overflow
https://github.com/skelsec/CVE-2017-12542

Tool#LaZagneForensic: Decrypt Windows credentials from another host
https://github.com/AlessandroZ/LaZagneForensic

Tool#Phantom-Evasion: Python AV evasion tool capable of generating FUD executables even with the most common 32-bit Metasploit payloads (exe/elf/dmg/apk)
https://github.com/oddcod3/Phantom-Evasion

Tool#Kaitai Struct is a declarative language used to describe various binary data structures laid out in files or in memory, i.e. binary file formats, network stream packet formats, etc.
http://kaitai.io/index.html

Tool#Kaitai Struct Web IDE
https://ide.kaitai.io/

Tool#cssInjection: Stealing CSRF tokens with CSS injection (without iframes)
https://github.com/dxa4481/cssInjection

Tool#KPlugs is a Linux kernel module which provides an interface for dynamically executing scripts inside the Linux kernel.
https://github.com/avielw/kplugs

Tool#unixtoolsrepo64: Unix Tools Cydia/APT repo for arm64 iOS devices
https://github.com/ElectraJailbreak/unixtoolsrepo64

Tool#GRV is a highly customisable, terminal-based interface for viewing Git repos. It allows refs, commits and diffs to be viewed, searched and filtered with a query language.
https://github.com/rgburke/grv
