Today's digest: dissecting Hancitor's latest 2018 packer; analyzing the .NET protection of the Ploutus.D malware; multiple SAML vulnerabilities that allow takeover of arbitrary user accounts; a UAF vulnerability in Google Chrome; a privilege escalation vulnerability in WooCommerce; a remote code execution vulnerability in 然之协同 (Ranzhi); command execution, arbitrary file upload and injection vulnerabilities in clipbucket; a PoC for CVE-2018-4087: escaping the sandbox by misleading bluetoothd; analysis of Tomcat CVE-2018-1305; Chrome extension security research: the story of finding a UXSS; how memory tagging improves C/C++ memory safety; a report on the security state of open-source PHP applications; a $6,300 bash vulnerability in lahitapiola; PS4 4.54 and 5.01 jailbreak tools; and more.

1、Dissecting Hancitor’s Latest 2018 Packer
https://researchcenter.paloaltonetworks.com/2018/02/unit42-dissecting-hancitors-latest-2018-packer/

2、Analyzing the nasty .NET protection of the Ploutus.D malware.
http://antonioparata.blogspot.it/2018/02/analyzing-nasty-net-protection-of.html

3、Duo Finds SAML Vulnerabilities Affecting Multiple Implementations
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations

4、Google Chrome "PDFiumEngine::HandleEvent()" Use-After-Free Vulnerability (CVE-2018-6031)
https://bugs.chromium.org/p/chromium/issues/detail?id=780450

5、Privilege escalation in 2.3 million WooCommerce shops via new PHP object injection
https://blog.ripstech.com/2018/woocommerce-php-object-injection/

6、Detailed analysis of the remote command execution vulnerability in the latest 然之协同 (Ranzhi, including the Pro edition) and the 喧喧 (Xuanxuan) instant messaging system
https://xianzhi.aliyun.com/forum/topic/2073

7、os command injection, arbitrary file upload & sql injection in clipbucket
https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html

8、CVE-2018-4087 PoC: Escaping the sandbox by misleading bluetoothd
https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/

9、SMBv3 Null Pointer Dereference vulnerability (CVE-2018-0833)
https://krbtgt.pw/smbv3-null-pointer-dereference-vulnerability/

10、Tomcat CVE-2018-1305 analysis
https://mp.weixin.qq.com/s/PZsOQy2lpR1lHqLWmAXlbg

11、Analyzing of Linux kernel isdn_net IOCTL Memory Corruption Vulnerability (CVE-2017-12762)
https://xorl.wordpress.com/2018/02/24/cve-2017-12762-linux-kernel-isdn_net-ioctl-memory-corruption/

12、Chrome extension security research: the story of finding a UXSS
https://www.anquanke.com/post/id/98917

13、Fun with PHP deserialization and some accidental WordPress bugs
https://nickbloor.co.uk/2018/02/28/popping-wordpress/

14、OSS object storage upload parsing vulnerability
https://xianzhi.aliyun.com/forum/topic/2078

15、SGXPECTRE Attacks: Leaking Enclave Secrets via Speculative Execution
https://arxiv.org/pdf/1802.09085.pdf

16、The Evolution of CFI Attacks and Defenses
https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2018_02_OffensiveCon/The%20Evolution%20of%20CFI%20Attacks%20and%20Defenses.pdf

17、How Malware fools Sandboxes with complex Installation Procedures
https://www.joesecurity.org/blog/562460874763392177

18、auditing Active Directory using BloodHound — Part Two
https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d

19、Identifying PowerShell Empire Command and Control Activity from host and network side.
https://www.sans.org/reading-room/whitepapers/detection/disrupting-empire-identifying-powershell-empire-command-control-activity-38315

20、Memory Tagging and how it improves C/C++ memory safety
https://arxiv.org/ftp/arxiv/papers/1802/1802.09517.pdf

21、The Security State of Open Source PHP Applications(via RIPS)
https://files.ripstech.com/slides/The_Security_State_of_Open_Source_PHP_Applications.pdf

22、RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi) ($6,300)
https://hackerone.com/reports/303061

23、myshopify.com domain takeover($1000)
https://hackerone.com/reports/320355

Tool# A full 4.55 PS4 jailbreak
https://github.com/Cryptogenic/PS4-4.55-Kernel-Exploit

25、PS4 5.01 WebKit Exploit PoC
https://github.com/ALEXZZZ9/PS4-5.01-WebKit-Exploit-PoC

Tool# 微盾® Firewall (VwFirewall) is a professional firewall developed specifically for Windows servers; it raises the server's security level and protects it from intrusion. The software is licensed free of charge for personal use, with no functional restrictions.
https://github.com/dekuan/VwFirewall

Tool# Honeytrap is an extensible, open-source system for running, monitoring and managing honeypots.
https://github.com/honeytrap/honeytrap

Tool# static-arm-bins: statically compiled ARM binaries for debugging and runtime analysis
https://github.com/therealsaumil/static-arm-bins/

Tool# AD-control-paths: Active Directory control paths auditing and graphing tools
https://github.com/ANSSI-FR/AD-control-paths

Tool# Keylogger / mouse click recording written to be executed inside InstallUtil.
https://gist.github.com/caseysmithrc/98ac65cfe47d9064f6b728be506ec5a6

Tool# dnsjit: engine for capturing, parsing and replaying DNS
https://github.com/DNS-OARC/dnsjit

Tool# RamFuzz is a fuzzer for individual method parameters in unit tests.
https://github.com/dekimir/RamFuzz
