Daily Security News - 2020.4.1

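Disclaimer: All content in this article is for learning and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, spreading it or using it for malicious purposes is prohibited. By viewing this article you are deemed to have accepted the above terms; otherwise you bear the responsibility yourself.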

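Today's highlights: Holy water, a targeted watering-hole attack under way in Asia; a semi-universal XSS affecting Firefox for iOS; a guide to building the Liferay exploit; Attacking HelpDesks Part 1, an RCE chain on DeskPro with Bitdefender as a case study; exploiting a GitLab parser vulnerability; an exploration of SSTI in Java; and more.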

【Malware】
1. Holy water: ongoing targeted water-holing attack in Asia
2. A Malware Researcher’s Guide to Reversing Maze Ransomware

【Vulnerability Analysis】
3. CVE-2019-17004—Semi Universal XSS affecting Firefox for iOS
4. How to exploit Liferay CVE-2020-7961 : quick journey to PoC
5. Analyzing a Windows Search Indexer LPE bug

【Technical Sharing】
6. A deep dive into disable_functions bypasses and PHP exploitation
7. Attacking HelpDesks Part 1: RCE Chain on DeskPro, with Bitdefender as a Case Study
8. How to exploit parser differentials
9. Using K3s for command and control on compromised Linux hosts
10. Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks
11. Decrypting Azure VM Extension Settings with Get-AzureVMExtensionSettings
12. ASUS ASIO2.sys driver fun
13. White hair scratched ever thinner, SSTI troubles the heart!
Tool - (Local Privilege Escalation) for SMBv3
Tool - awesome_windows_logical_bugs: Windows logical privilege escalation bugs.