Today's digest: 竹节虫 ("Stick Insect"), a backdoor hidden in commonly used utility software; CrySiS ransomware variant analysis; Cisco ASA denial-of-service & remote code execution vulnerability analysis; local privilege-escalation PoCs for multiple Linux kernel versions; detection evasion in Sysmon; recovering plaintext passwords from Azure VMs; and more.

[Malware]
1. 竹节虫 ("Stick Insect"): a backdoor hidden in commonly used utility software
http://mp.weixin.qq.com/s?__biz=MzA3NTQ3ODI0NA==&mid=2247484295&idx=1&sn=08187a989a2a02fa44ae6495333e0823&chksm=9f6ea60ca8192f1ac80ac4285bb49be871f60bfed29e4dc9fde9e929d4d914a385262304d124&mpshare=1&scene=1&srcid=0319j6Eck05LxX0ElZw7XPkr

2. CrySiS ransomware variant analysis
https://xianzhi.aliyun.com/forum/topic/2180

[Vulnerability Analysis]
3. CVE-2018-0101 Cisco ASA denial-of-service & remote code execution vulnerability analysis
https://www.anquanke.com/post/id/101446

4. Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
https://www.exploit-db.com/exploits/44302/

5. Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation
https://www.exploit-db.com/exploits/44298/

6. Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
https://www.exploit-db.com/exploits/44300/

7. Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
https://www.exploit-db.com/exploits/44303/

8. Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation
https://www.exploit-db.com/exploits/44306/

[Technical Sharing]
9. "Test Your DFIR Tools: Sysmon Edition": how an escaping bug might be evading your detection of command-line arguments.
http://www.danielbohannon.com/blog-1/2018/3/19/test-your-dfir-tools-sysmon-edition

10. Exploitation on ARM-based Systems
https://github.com/sashs/arm_exploitation/blob/master/exploitation_on_arm_based_systems.pdf

11. Getting past anti-crawler measures: one hurdle after another
https://xianzhi.aliyun.com/forum/topic/2176

12. Auditing a .NET application step by step, following along with me
https://xianzhi.aliyun.com/forum/topic/2178

13. Recovering plaintext passwords from Azure VMs like it's the 1990s
https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/

14. How Android app hardening via class-method instruction extraction works
http://www.wjdiankong.cn/archives/1118

15. macOS Unified log: 1 why, what and how
https://eclecticlight.co/2018/03/19/macos-unified-log-1-why-what-and-how/

16. Fuzzing: the new unit testing. Covers a bit of fuzzing in general, go-fuzz, how to write efficient fuzzers, and finding logic bugs with fuzzing.
https://go-talks.appspot.com/github.com/dvyukov/go-fuzz/slides/fuzzing.slide

17. Best Programming Languages to Learn for Malware Analysis
https://www.malwaretech.com/2018/03/best-programming-languages-to-learn-for-malware-analysis.html

18. SecWiki Weekly (2018/03/12-2018/03/18)
https://www.sec-wiki.com/weekly/211

19. OffensiveCon 2018 Videos
https://www.youtube.com/channel/UCMNvAtT4ak2azKNk6UlB1QQ

[Bug Bounty]
20. Leaking Facebook Internal IP Infrastructure
http://misteralfa-hack.blogspot.hk/2018/03/leaking-facebook-internal-ip.html

[Tools]
Tool# Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
https://github.com/eladshamir/Internal-Monologue

Tool# Metasploitable3 is a VM that is built from the ground up with a large number of security vulnerabilities.
https://github.com/rapid7/metasploitable3

Tool# ACRN is an open source reference hypervisor, built to meet the unique needs of embedded IoT development.
https://projectacrn.org/

Tool# Red Team Automation (RTA) provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
https://github.com/endgameinc/RTA
