Today's digest: an investigation of Gooligan (an Android OAuth-stealing botnet), a look at smart camera security, a Squirrelmail directory traversal vulnerability that allows exfiltrating files from the server, large numbers of etcd instances leaking information without authentication, security problems with the Firefox master password, an analysis of CVE-2017-0135 (using the Edge browser's XSS filter to bypass CSP), exploiting Eternalblue with Empire and Msfconsole, RDP hijacking, cracking Aigo encrypted hard drives, the Cisco 2018 Annual Cybersecurity Report, a stored XSS on Facebook, and more, plus a batch of tool introductions.

Note: Saturday's digest is at the bottom.

【Malware Section】
1、Taking down Gooligan (Android OAuth stealing botnet): part 1 — overview
https://www.elie.net/blog/security/taking-down-gooligan-part-1-overview

2、Somebody’s watching! When cameras are more than just ‘smart’
https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/

【Vulnerability Analysis Section】
3、Squirrelmail directory traversal vulnerability allows exfiltrating files from server
http://www.openwall.com/lists/oss-security/2018/03/17/2

4、The security footgun in etcd
https://elweb.co/the-security-footgun-in-etcd/

5、Master password in Firefox or Thunderbird? Do not bother!
https://palant.de/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother

6、CVE-2017-0135 vulnerability analysis: bypassing CSP with the Edge browser's XSS filter
http://www.freebuf.com/articles/web/164871.html

7、/sbin/dhclient Ubuntu AppArmor profile bypass
https://gist.github.com/sirdarckcat/fe8ce94ef25de375d13b7681d851b7b4

8、Analysis and vulnerability hunting in the jfinal rapid development framework
https://xianzhi.aliyun.com/forum/topic/2174

9、Node.js postgres: from SQL injection to code execution (2017)
https://zhuanlan.zhihu.com/p/28575189

【Technical Articles Section】
10、Exploiting Eternalblue for shell with Empire & Msfconsole
https://www.hackingtutorials.org/exploit-tutorials/exploiting-eternalblue-for-shell-with-empire-msfconsole/

11、Forensic Acquisition Of Solid State Drives With Open Source Tools
https://articles.forensicfocus.com/2018/03/13/forensic-acquisition-of-solid-state-drives-with-open-source-tools/

12、the iPhone 7 10.0 / 10.1 KTRR bypass fully-atomic and thread-safe ROP chain
http://yalu.qwertyoruiop.com/y7.txt

13、Active Directory as a C2 (Command & Control)
https://akijosberryblog.wordpress.com/2018/03/17/active-directory-as-a-c2-command-control/

14、VHD to Domain Admin
https://rastamouse.me/2018/02/vhd-to-da/

15、Detecting whether the browser console is open (Chrome 65 changed behaviour and the previous method no longer works; this one uses styled console output with "%c")
https://stackoverflow.com/questions/7798748/find-out-whether-chrome-console-is-open/30638226#30638226

16、RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation(2017)
https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6

17、Cracking Aigo Chinese Encrypted External Hard Drive (Part 1)
https://syscall.eu/blog/2018/03/12/aigo_part1/

18、Cracking Aigo Chinese Encrypted External Hard Drive (Part 2)
https://syscall.eu/blog/2018/03/12/aigo_part2/

19、Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity(2017)
https://www.sans.org/reading-room/whitepapers/incident/disrupting-empire-identifying-powershell-empire-command-control-activity-38315

20、Advanced Incident Detection and Threat Hunting using Sysmon(and Splunk)(2016)
https://www.botconf.eu/wp-content/uploads/2016/11/PR12-Sysmon-UELTSCHI.pdf

21、Attack & Detection:Hunting In-Memory Adversaries with Rekall and WinPmem(2015)
https://holisticinfosec.org/toolsmith/pdf/may2015.pdf

22、Investigating PowerShell Attacks(2014)
https://www.fireeye.com/content/dam/fireeye-www/global/en/solutions/pdfs/wp-lazanciyan-investigating-powershell-attacks.pdf

23、Baidu Security technical highlights of 2017
https://mp.weixin.qq.com/s/6evxKjAzc3sweIQrbC3QrA

24、Cisco 2018 Annual Cybersecurity Report
https://www.cisco.com/c/en/us/products/security/security-reports.html?CCID=cc000160&DTID=psootr000791&OID=anrsc005679

【Bug Bounty Section】
25、"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
https://github.com/EdOverflow/can-i-take-over-xyz

26、Stored XSSes in Facebook wall by embedding an external video with Open Graph.
https://opnsec.com/2018/03/stored-xss-on-facebook/

27、Uncovering a Bug in Cloudflare's Minification Service
https://blog.jli.host/posts/cf-auto-minify/

【Tools Section】
Tool#The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection.
https://github.com/guardicore/monkey

Tool#Pyrate: Practice web app written in Python with some vulnerabilities.
https://github.com/rojan-rijal/Pyrate

Tool#Shellcode-Via-HTA: Execute shellcode via HTA
https://github.com/johnjohnsp1/Shellcode-Via-HTA

Tool#deplug: Next generation packet analyzer (WIP) (formerly Dripcap)
https://github.com/deplug/deplug

Tool#SAP-Dissection-plug-in-for-Wireshark: This Wireshark plugin provides dissection of SAP's NI, Message Server, Router, Diag and Enqueue protocols.
https://github.com/CoreSecurity/SAP-Dissection-plug-in-for-Wireshark

Tool#s3-inspector: Tool to check AWS S3 bucket permissions
https://github.com/kromtech/s3-inspector

Tool#Tokenvator: A tool to elevate privilege with Windows tokens
https://github.com/0xbadjuju/Tokenvator

Tool#OCRs screenshots and makes them searchable from Spotlight
https://gist.github.com/pnc/b7fb38d70f157cd40595d9e52bebc055

Tool#firepwd.py: an open source tool to decrypt Mozilla protected passwords
https://github.com/lclevy/firepwd

Tool#chinese-independent-developer: A list of projects by Chinese independent developers -- sharing what everyone is working on
https://github.com/1c7/chinese-independent-developer

Saturday!!
【Malware Section】
1、MsraMiner: a long-lurking cryptomining botnet
https://blog.netlab.360.com/msraminer-qian-fu-yi-jiu-de-wa-kuang-jiang-shi-wang-luo/

2、Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries
https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html

【Vulnerability Analysis Section】
3、Google Chrome Canvas Filter Timing Attack Vulnerability (CVE-2018-6077)
https://bugs.chromium.org/p/chromium/issues/detail?id=778506

4、CVE-2017-16995 Ubuntu 16.04 local privilege escalation reproduction
http://www.cnblogs.com/backlion/p/8584177.html

Tool#Ubuntu local privilege escalation EXP
http://cyseclabs.com/exploits/upstream44.c

6、CSP bypass via jQuery Gadget
https://jsbin.com/xuqakimewu/edit?html,output

7、Leaking WordPress CSRF Tokens for Fun, $1337 bounty, and CVE-2017-5489
https://ahussam.me/Leaking-WordPress-CSRF-Tokens/

8、Abusing Text Editors with Third-party Plugins
https://safebreach.com/Post/Abusing-Text-Editors-with-Third-party-Plugins

9、More on ASM.JS Payloads and Exploitation
http://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/

Tool#Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
https://www.exploit-db.com/exploits/44293/

Tool#Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
https://www.exploit-db.com/exploits/44294/

【Technical Articles Section】
12、Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement
https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/

13、Impersonating Office 365 Users With Mimikatz
https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/

14、Deserialization: exploiting PHP built-in classes
http://www.cnblogs.com/iamstudy/articles/unserialize_in_php_inner_class.html

15、Linux Heap Exploitation Intro Series: Set you free() – part 1
https://sensepost.com/blog/2018/linux-heap-exploitation-intro-series-set-you-free-part-1/

16、everything i know about iOS Dualboot
https://nyansatan.github.io/dualboot/

17、Quick win with GraphQL
https://staaldraad.github.io/post/2018-03-16-quick-win-with-graphql/

18、Top Five Ways I gained access to Your Corporate Wireless Network
https://medium.com/@adam.toscher/top-5-ways-i-gained-access-to-your-corporate-wireless-network-lo0tbo0ty-karma-edition-f72e7995aef2

19、How WebKit Protects Against HSTS Abuse
https://webkit.org/blog/8146/protecting-against-hsts-abuse/

20、#TR18 talk#Defending Microsoft Environments at Scale
https://drive.google.com/file/d/1QXjmlPRvfiRBnqzNpsTQo5bn0xKQoNc4/view

21、#TR18 talk#Developing a Comprehensive Active Directory Security Metric
https://www.ernw.de/download/TR18_ERNW_AD_Metrics_v1_0_signed.pdf

22、The Android Security Report for 2017 from Google
https://source.android.com/security/reports/Google_Android_Security_2017_Report_Final.pdf

【Bug Bounty Section】
23、How Apollo Hospitals leaked 1 million customer details
http://blog.shashank.co/2018/03/how-apollo-hospitals-leaked-1-million.html

【Tools Section】
Tool#wargame-nexus: A sorted and updated list of security wargame sites.
https://github.com/zardus/wargame-nexus

Tool#OSCP-cheat-sheet: List of useful commands, shells and notes related to OSCP
https://github.com/crsftw/OSCP-cheat-sheet

Tool#clickbandit: A JavaScript clickjacking PoC generator
https://github.com/hackvertor/clickbandit

Tool#haystack: Signature Spoofing Patcher for Android
https://github.com/Lanchon/haystack

Tool#ida-evm: IDA Processor Module for the Ethereum Virtual Machine (EVM)
https://github.com/trailofbits/ida-evm
