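Today's highlights: MyKings, a large-scale multiple botnet; a large-scale mining operation attempting to use the open-source XMRig utility to mine Monero; an analysis of CrossRAT, a cross-platform malware used in global cyber-espionage; multiple guest-to-host escape vulnerabilities in Oracle VirtualBox; an address calculation vulnerability in the Google Chrome Skia sampler; a kernel memory disclosure in macOS 10.13; a research report on Android mining trojans; exploiting the execve() vulnerability in WSL; an introduction to stack-based buffer overflows on Windows x86/x64; Google Project Zero's slides "Weird Machines, Exploitability, and provable non-exploitability"; a study of the Android system security ecosystem; an analysis report on the security situation of Chinese websites; slides from the DiDi security conference; several Google Chrome V8 PoCs; and a few tools.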

1、MyKings: a large-scale multiple botnet
http://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/

2、Large Scale Monero Cryptocurrency Mining Operation using XMRig
https://researchcenter.paloaltonetworks.com/2018/01/unit42-large-scale-monero-cryptocurrency-mining-operation-using-xmrig/

3、Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More
https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/

4、Analyzing CrossRAT: a cross-platform implant, utilized in a global cyber-espionage campaign
https://objective-see.com/blog/blog_0x28.html

Tool#CrossRAT sample (infect3d)
https://objective-see.com/downloads/malware/CrossRAT.zip

6、RTF files for Hancitor utilize exploit for CVE-2017-11882
https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271

7、Quickpost: SteamStealers via Github
https://bartblaze.blogspot.com/2018/01/quickpost-steamstealers-via-github.html

8、Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities
https://blogs.securiteam.com/index.php/archives/3649

9、Google Chrome Skia Sampler Address Calculation Vulnerability (CVE-2017-5063)
https://bugs.chromium.org/p/chromium/issues/detail?id=700836

10、macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability' (CVE-2017-13878)
https://www.exploit-db.com/exploits/43780/

11、Anti-debug with VirtualAlloc's write watch
https://codeinsecurity.wordpress.com/2018/01/24/anti-debug-with-virtualallocs-write-watch/

12、Research Report on Mining Trojans on the Android Platform
http://blogs.360.cn/360mobile/2018/01/24/analysis_of_mobile_mining_monero/

13、ESET's Guide to Deobfuscating and Devirtualizing FinFisher
https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf

14、Linux Vulnerabilities, Windows Exploits -- Escalating Privileges with WSL
https://github.com/saaramar/execve_exploit

15、Stack Based Buffer Overflows on x86 (Windows) – Part I
https://nytrosecurity.com/2017/12/09/stack-based-buffer-overflows-on-x86-windows-part-i/

16、Stack Based Buffer Overflows on x86 (Windows) – Part II
https://nytrosecurity.com/2017/12/20/stack-based-buffer-overflows-on-x86-windows-part-ii/

17、Stack Based Buffer Overflows on x64 (Windows) – Part III
https://nytrosecurity.com/2018/01/24/stack-based-buffer-overflows-on-x64-windows/

18、Weird Machines, Exploitability, and provable non-exploitability (Understanding the nature of "exploits")
https://docs.google.com/presentation/d/1lfQGEX2aGEA1H7flsXw4V30ZkbnrfikYk9IrctuwZO8/edit

19、Investigate Unauthorised Logon Attempts using LogonTracer
http://blog.jpcert.or.jp/2018/01/investigate-unauthorised-logon-attempts-using-logontracer.html

20、A Discussion of Blockchain Technology Security
https://cert.360.cn/static/files/%E5%8C%BA%E5%9D%97%E9%93%BE%E6%8A%80%E6%9C%AF%E5%AE%89%E5%85%A8%E8%AE%A8%E8%AE%BA.pdf

21、2017 Study of the Android System Security Ecosystem
https://www.anquanke.com/post/id/95950

22、2017 Analysis Report on the Security Situation of Chinese Websites
http://zt.360.cn/1101061855.php?dtid=1101062368&did=490995546

23、Hacker101 is a free class for web security.
https://www.hacker101.com/

24、DiDi Security Conference slides (ky8y)
https://pan.baidu.com/s/1bqWscov

25、Full Account Takeover through CORS with connection Sockets
https://medium.com/@saamux/full-account-takeover-through-cors-with-connection-sockets-179133384815

Tool#Google Chrome V8 PoC (CVE-2017-5070 & CVE-2017-15399 & CVE-2017-15428 & CVE-2017-XXXX (duplicate with chromium worker))
https://github.com/xuechiyaobai/V8_November_2017

Tool#Monitoring-Systems-Cheat-Sheet: A cheat sheet for pentesters and researchers about exploitation of well-known monitoring systems.
https://github.com/HD421/Monitoring-Systems-Cheat-Sheet

Tool#rbndr is a very simple, non-conforming, name server for testing software against DNS rebinding vulnerabilities.
https://github.com/taviso/rbndr

Tool#ncatool is a tool to view information about, decrypt, and extract Nintendo Content Archives.
https://github.com/SciresM/ncatool
