Today's digest: the TrickBot banking Trojan has been updated with a new module; the Western Digital My Cloud Pro Series PR2100 has an authenticated remote code execution vulnerability; an analysis of an Ubuntu privilege escalation vulnerability; Unified Logs in High Sierra (10.13) show the plaintext password of APFS encrypted external volumes via Disk Utility.app; the "smuggling" vulnerability that lurked in Ethereum for years is revealed while hackers worldwide frantically steal coins; Windows kernel exploitation development part 7; iOS forensics methods; a 2018 recommended reading list for information security practitioners; a $10,000 Coinbase Ethereum account balance manipulation vulnerability; a $3133.7 Google stored XSS; and more.

【Malware】
1、TrickBot Banking Trojan Adapts with New Module
https://www.webroot.com/blog/2018/03/21/trickbot-banking-trojan-adapts-new-module/

【Vulnerability Analysis】
2、Google Chrome "ValidateTexImageSubRectangle()" Integer Overflow Vulnerability (CVE-2018-6034)
https://bugs.chromium.org/p/chromium/issues/detail?id=784183

3、Western Digital My Cloud Pro Series PR2100 Authenticated RCE
https://blogs.securiteam.com/index.php/archives/3679

4、Site Isolation: Prevent Cache manipulation via Cache API
https://bugs.chromium.org/p/chromium/issues/detail?id=791841

5、Investigating the encryption used by the Xiaoyi camera app
http://iosre.com/t/app/11340

6、UBUNTU 16.04 EBPF ARBITRARY READ/WRITE vulnerability analysis
https://whereisk0shl.top/post/2018-03-21

7、Uh Oh! Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes via Disk Utility.app
https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp

8、Research and case study of security hardening and unpacking techniques for a mobile app
https://mp.weixin.qq.com/s?__biz=MzUxOTYzMzU0NQ==&mid=2247484075&idx=1&sn=cc937c0b4a78c1d160620637414c151f&chksm=f9f7ed4dce80645b3033e05feff174f1434965b36170122cc812d97ea9da4c4525db7d32cd41&mpshare=1&scene=1&srcid=0321Mb76CaryVVkhhBTJiLFa

9、Reverse Engineering a MMORPG
https://github.com/beaujeant/PwnAdventure3/blob/master/Workshop/re-mmorpg-troopers18.pdf

10、Revealing the "smuggling" vulnerability that lurked in Ethereum for years, as hackers worldwide frantically steal coins
http://www.sec-lab.io/2018/03/21/ethereum-smuggling-vulnerability/

11、MIPCMS: Getshell by remotely writing the configuration file
https://mp.weixin.qq.com/s?__biz=MzA3NzE2MjgwMg==&mid=301419963&idx=1&sn=0cb82aa5629b6432415c93d9f2b8eb8c&chksm=0b55dde63c2254f04399a7afa7f49a3889e8eaa37d747ec1a1b70f00cc0bf94c764db1295a11&mpshare=1&scene=23&srcid=0321pbJgBla01aN1U5GZXNlG

12、Understanding PHP variable-overwrite vulnerabilities in depth through MetInfo
https://mp.weixin.qq.com/s/I7tEDv12e65KI93TCXN8Ug

13、File upload and SQL injection vulnerabilities in an e-commerce site
https://xianzhi.aliyun.com/forum/topic/2203

【Technical Articles】
14、Persistence using RunOnceEx – Hidden from Autoruns.exe
https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/

15、Windows Kernel Exploitation Tutorial Part 7: Uninitialized Heap Variable
https://rootkits.xyz/blog/2018/03/kernel-uninitialized-heap-variable/

16、Revisiting the forgotten HTTP header injection
http://www.freebuf.com/articles/web/164817.html

17、The Shadow over Android: Heap Exploitation assistance for Android's libc allocator(2017)
https://speakerdeck.com/argp/the-shadow-over-android

18、Active Directory Firewall Ports – Let’s Try To Make This Simple(2011)
https://blogs.msmvps.com/acefekay/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple/

19、Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary Analysis
http://s3.eurecom.fr/docs/codaspy18_pagani.pdf

20、iOS Forensics - Acquisition Methods and Techniques
https://www.dropbox.com/s/qu4kbg7umqsqvsh/2018_iOS_Forensics_ElcomSoft.pdf?dl=0

21、Virtualization security
https://pages.github.coecis.cornell.edu/cs5450/website/lectures/12-vmsecurity.pdf

22、Bilibili's (B站) monitoring system
https://zhuanlan.zhihu.com/p/34743584

23、"Syzbot" is an automated system that runs the syzkaller fuzzer on the kernel and reports the resulting crashes(Linux Kernel)
https://syzkaller.appspot.com/

24、2018 recommended reading list for information security practitioners
https://github.com/riusksk/secbook

25、Antiy (安天) Mobile Security 2017 annual report
http://blog.avlsec.com/2018/03/5150/2017-annual-report/

【Bug Bounty】
26、Coinbase: Ethereum account balance manipulation ($10,000)
https://www.vicompany.nl/magazine/from-christmas-present-in-the-blockchain-to-massive-bug-bounty

27、Google AdWords $3133.7 Stored XSS
https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27

【Tools】
Tool# POC of an exploit for Cisco node-jose < 0.11.0 (CVE-2018-0114)
https://github.com/zi0Black/POC-CVE-2018-0114

Tool# DeViL (Detect Virtual Machine in Linux) is a demonstration tool that employs several techniques to analyse the environment the same way Linux malware would, to detect whether it is running in a virtual machine.
https://github.com/srlkhmi/DeViL
