Daily Security News - 2020.4.26

Disclaimer: All content in this article is for learning and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, dissemination or use for non-benign purposes is prohibited. By viewing this article you are deemed to agree to the above; otherwise, you bear the responsibility yourself.

Today's highlights: DGA analysis of Zloader; analysis of a campaign precisely delivering the Tsunami botnet and the “魔铲” (Magic Shovel) mining trojan; privilege escalation in an ATI Technologies Inc. driver; getting SYSTEM via a rename operation (abusing the DELETE permission) on Windows Error Reporting Service folders and eventually injecting a DLL into the privileged wermgr.exe process; a JNDI injection exploitation tool; and more.

【Malware Section】
1. The DGA of Zloader

2. Analysis of a campaign precisely delivering the Tsunami botnet and the “魔铲” (Magic Shovel) mining trojan

【Vulnerability Analysis Section】
3. CVE-2020-12138 Exploit Proof-of-Concept, Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys

【Technical Sharing Section】
4. Getting SYSTEM via a rename operation (abusing the DELETE permission) on Windows Error Reporting Service folders and eventually injecting the DLL into the privileged wermgr.exe process.

5. The unexpected consequence of LSA overloading one Logon Session ID for all service account tokens

6. Android Kernel Exploitation: The objective of this workshop is to get started with kernel vulnerability analysis and exploitation on the Android platform.
https://cloudfuzz.github.io/android-kernel-exploitation/

#Tool# CatchYou: Fully Undetectable msfvenom payload generator (Win32, meterpreter reverse tcp)

#Tool# ssh-putty-brute.ps1 is a wrapper script which uses PuTTY clients (either putty.exe or plink.exe) to perform SSH login brute-force attacks.

#Tool# JNDI: JNDI injection exploitation tool
