
[Issue 8] Weekly selection of top domestic and foreign technical articles

Windows demon

1. CVE-2018-8174 – VBScript memory corruption exploit

https://github.com/0x09AL/CVE-2018-8174-msf

2. LKM Linux rootkit

https://github.com/f0rb1dd3n/Reptile

3. SSRF (Server-Side Request Forgery) testing resources

https://github.com/cujanovic/SSRF-Testing

4. https://gist.github.com/homjxi0e/d15e92ecf37c404cb63635c18a69d32a

5. Robber is an open-source tool for finding executables prone to DLL hijacking

https://github.com/MojtabaTajik/Robber/releases/tag/1.2

6. rundll32.exe desk.cpl,InstallScreenSaver c:\temp\calc.scr

8. CVE-2018-8174

https://github.com/smgorelik/Windows-RCE-exploits/tree/master/Web/VBScript

Daily security news (5-28)

1. Blazy is a modern login bruteforcer that also tests for CSRF, Clickjacking, Cloudflare and WAF

https://github.com/UltimateHackers/Blazy/

2. Web application auditing framework

https://github.com/m4ll0k/Galileo

4. Researchers bypass AMD's SEV virtual machine encryption

https://www.bleepingcomputer.com/news/security/researchers-bypass-amd-s-sev-virtual-machine-encryption/

5. rundll32 url.dll, OpenURLA "c:\tmp\test.hta"

Author's test machine (AV): Windows Defender on Windows 10 1803.

6. Terminal Server multi-RDP

https://github.com/gentilkiwi/mimikatz/releases

7. PowerShell obfuscation: the author explains it in great detail, worth a read.

https://github.com/r00t-3xp10it/hacking-material-books/blob/master/obfuscation/simple_obfuscation.md

8. RCE via uploading web.config

9. A PowerShell PoC script implementing various methods of authenticated remote code execution via WMI

https://github.com/Cybereason/Invoke-WMILM/blob/master/Invoke-WMILM.ps1

10. huntpad: an open-source notepad with features particularly useful for penetration testers

https://github.com/felipedaragon/huntpad

11. Mac macro payload generator for Office

https://github.com/cldrn/macphish

Daily security news (5-29)

1. PowerView

https://pentestlab.blog/2018/05/28/situational-awareness/

2. How to test an isolated network through an SSH jump box

https://github.com/earthquake/XFLTReaT/wiki/Unix-jumpbox-with-SSH-access

3. Windows Command Line cheatsheet (part 2): WMIC

4. reCAPTCHA bypass via HTTP Parameter Pollution

5. How to bypass GPO policies that restrict PowerShell use: run PowerShell through rundll32 to get around software restrictions.

https://github.com/p3nt4/PowerShdll

6. Oracle plans to drop Java serialization support

https://www.bleepingcomputer.com/news/security/oracle-plans-to-drop-java-serialization-support-the-source-of-most-security-bugs/

7. Markdown-XSS-Payloads

https://github.com/cujanovic/Markdown-XSS-Payloads/blob/master/Markdown-XSS-Payloads.txt

8. Getting Domain Admin from outside Active Directory

https://markitzeroday.com/pass-the-hash/crack-map-exec/2018/03/04/da-from-outside-the-domain.html

9. How to add a module to Mimikatz?

https://littlesecurityprince.com/security/2018/03/18/ModuleMimikatz.html

10. Collect NTFS forensic information with osquery

11. Dumping Clear-Text Credentials

12. MalHide Malware uses the compromised system as an eMail relay

13. Analyzing a highly obfuscated MuddyWater (APT) Trojan/backdoor

https://0ffset.wordpress.com/2018/05/28/0x06-analyzing-a-muddywater-sample/

14. Understanding and evading Get-InjectedThread

https://blog.xpnsec.com/undersanding-and-evading-get-injectedthread/

Daily security news (5-30)

1. aswRunDll.exe c:\temp\myDll.dll

2. OWASP iGoat (Swift) – a deliberately vulnerable Swift application for iOS

https://github.com/OWASP/iGoat-Swift

3. Handy wmic tricks

wmic process call create "calc.exe"
wmic process where name="calc.exe" call terminate

Windows Command Line cheatsheet (part 2): WMIC

4. CVE-2018-3639: Variant 4

https://access.redhat.com/security/cve/cve-2018-3639

5. Microsoft Windows JScript Error object use-after-free remote code execution vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-18-534/

6. PSAmsi is a tool for auditing and defeating AMSI signatures.

https://github.com/cobbr/PSAmsi

7. Sonic and ultrasonic attacks can damage hard disk drives and crash operating systems

https://arstechnica.com/information-technology/2018/05/attackers-can-send-sounds-to-ddos-video-recorders-and-pcs/

8. Password filter for Active Directory

https://github.com/ryanries/PassFiltEx

9. Roasting AS-REPs

10. Good stuff

https://www.blackhat.com/docs/eu-17/materials/eu-17-Thompson-Red-Team-Techniques-For-Evading-Bypassing-And-Disabling-MS-Advanced-Threat-Protection-And-Advanced-Threat-Analytics.pdf

Daily security news (5-31)

1. Git vulnerability leads to arbitrary code execution on users' PCs

https://www.bleepingcomputer.com/news/security/malicious-git-repository-can-lead-to-code-execution-on-remote-systems/

2. dnSpy is an indispensable and underrated tool. It is a superset of ILSpy, but also gives amazingly detailed information about metadata tables and PE internals.

https://github.com/0xd4d/dnSpy

3. Microsoft Windows Use-After-Free (UAF) Remote Code Execution Vulnerability

https://www.securityfocus.com/bid/104310

4. WordPress Headway theme SQL injection

https://cxsecurity.com/issue/WLB-2018050287

5. This tool modifies NTLMv1 / NTLMv1-ESS / MSCHAPv2 hashes so that they can be cracked in hashcat using DES mode 14000

https://github.com/evilmog/ntlmv1-multi/

6. WMI roundup

https://www.peerlyst.com/posts/wmi-wiki-for-offense-and-defense-s-delano?utm_campaign=peerlyst_shared_post&utm_content=peerlyst_post&utm_medium=social&utm_source=twitter

7. Malware delivered via Windows Installer files

https://isc.sans.edu/forums/diary/Malware+Delivered+via+Windows+Installer+Files/23349/

8. Active Directory Domain Services section (version 1.1): the project link is at the end of the article

https://sid-500.com/2018/05/22/active-directory-domain-services-section-version-1-1/

9. PowerShell-based Windows security auditing toolbox

https://github.com/A-mIn3/WINspect

10. Analyzing MSI files

https://isc.sans.edu/diary/23355

11. ActiveX 0-day discovered in recent North Korean hacks

https://www.bleepingcomputer.com/news/security/activex-zero-day-discovered-in-recent-north-korean-hacks/

12. iOS jailbreak internals (1): remounting rootfs after iOS 11.3

https://weibo.com/ttarticle/p/show?id=2309404245794218721506

13. Side-channel attacking browsers through CSS3 features

https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/

Daily security news (6-1)

1. DNS over HTTPS

A cartoon intro to DNS over HTTPS

2. Small, portable detection tests based on MITRE ATT&CK.

https://github.com/redcanaryco/atomic-red-team

3. Yahoo "hacker-for-hire" Karim Baratov helped Russian intelligence officers access Yahoo email accounts

https://news.hitb.org/content/yahoo-hacker-sentenced-five-years-prison-massive-breach

4. Talos discovered a new malicious Hangul Word Processor (HWP) document targeting South Korean users. If the malicious document is opened, it downloads a remote access Trojan we call "NavRAT", which can perform various operations on the victim machine, including executing commands, and has keylogging capability.

https://blog.talosintelligence.com/2018/05/navrat.html

5. Git: CVE-2018-11235

6. Rundll32

7. Windows kernel exploitation tutorial part 5: NULL pointer dereference

https://rootkits.xyz/blog/2018/01/kernel-null-pointer-dereference/

8. Interactive shell via Bluetooth

https://www.tarlogic.com/en/blog/interactive-shell-via-bluetooth/

9. Around 75% of open Redis servers are infected with malware

https://www.bleepingcomputer.com/news/security/around-75-percent-of-open-redis-servers-are-infected-with-malware/

10. Rundll32

https://snippets.cacher.io/snippet/cc4fe207c0bcc2779faf

11. A friend mentioned ADS (alternate data streams) a while ago, so I am also putting together a roundup here. (One article is by a foreign expert; the other is my own reproduction and summary, itself based on that expert's write-up.)

https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/

http://www.ggsec.cn/APT.html

http://www.ggsec.cn/ADS2.html

Daily security news (6-2)

1. firefox && powershell

2. Windows Privilege Escalation Methods for Pentesters

3. A "Remote" Vulnerability

4. Using exported functions and DCOM interfaces to execute commands and achieve lateral movement

https://zhuanlan.kanxue.com/article-4866.htm

5. Empire GUI

https://github.com/EmpireProject/Empire-GUI

6. invoke-MIM

https://gist.github.com/homjxi0e/d9a27ed848da45d8b65ab3792154b621

7. How to run a PowerShell script as a Windows service

8. Adversarial tactics, techniques and common knowledge for internal networks

https://attack.mitre.org/

9. https://nbulischeck.io/posts/misusing-debugfs-for-in-memory-rce

10. The 7 Main XSS Cases Everyone Should Know

11. PowerProvider: WMI

https://github.com/0xbadjuju/WheresMyImplant

12. Hunting attacker activities: methods for discovering and detecting lateral movement

https://www.botconf.eu/wp-content/uploads/2017/12/2017_tomonaga-muda-Hunting-Attacker-Activities.pdf

13. Attacks against machine learning: an overview

https://elie.net/blog/ai/attacks-against-machine-learning-an-overview?utm_source=social_acc&utm_medium=linkedin&utm_campaign=ai-attacks

14. ELF binaries on Linux: understanding and analysis

https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/

15. Managing permissions with PowerShell is only slightly easier than with VBS or the command line, because there are no cmdlets for most everyday tasks such as getting a permissions report or adding permissions to an item. PowerShell only provides Get-Acl and Set-Acl; everything between getting and setting the ACL is missing.

https://github.com/raandree/NTFSSecurity

When reposting, please credit: 即刻安全 » [Issue 8] Weekly selection of top domestic and foreign technical articles
