Daily Security Digest - 2020.5.7

Disclaimer: All content in this post is intended solely for learning and research purposes and must not be used in violation of the Cybersecurity Law, the Criminal Law, or other applicable requirements; in particular, redistribution or use for malicious purposes is prohibited. By reading this post you are deemed to accept the above terms; otherwise you bear sole responsibility.

Today's highlights: the H2Miner criminal group exploits a SaltStack vulnerability to take over servers for cryptomining, earning 3.7 million yuan; multiple interactionless RCEs and other remote access issues in Samsung Android; remote command execution in RemotePC for Windows; analysis of a memory leak and use-after-free vulnerability in Squid; pipePotato, a new type of general privilege escalation vulnerability; and more.

【Malware】
1、The Dacls RAT ...now on macOS!: Deconstructing the Mac variant of a Lazarus Group implant

2、Android Campaign from Known OceanLotus APT Group Potentially Older than Estimated, Abused Legitimate Certificate

3、H2Miner criminal group exploits SaltStack vulnerability to take over servers for cryptomining, earning 3.7 million yuan

【Vulnerability Analysis】
4、Samsung Android multiple interactionless RCEs and other remote access issues in the Qmage image codec built into Skia (CVE-2020-8899)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002

5、Remote Command Execution on RemotePC for Windows
https://www.gremwell.com/node/955

6、Memory leak and Use After Free in Squid (CVE-2019-18679 / CVE-2020-11945)
https://www.synacktiv.com/posts/exploit/memory-leak-and-use-after-free-in-squid.html

7、Code execution vulnerability in 3S CODESYS

【Technical Articles】
8、pipePotato: a new type of general privilege escalation vulnerability
https://www.anquanke.com/post/id/204510

9、Bugs on the Windshield: Fuzzing the Windows Kernel

10、Ok Google! bypass ‘flag_secure’

11、Docker Container Breakout: Abusing SYS_MODULE capability!

12、Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code

13、T1111: Two Factor Interception, RSA SecurID Software Tokens
https://www.mdsec.co.uk/2020/05/t1111-two-factor-interception-rsa-securid-software-tokens/

14、Bypassing openrasp SpEL RCE: the process and some reflections
https://landgrey.me/blog/15/

15、Practical Attacks and Defences for GraphQL APIs

16、SQL Server Hacking Tips for Active Directory Environments

17、30-part course on Windows exploitation, ranging from the basics to advanced kernel exploitation on Windows 10
https://fullpwnops.com/windows-exploitation-pathway.html

18、VB2019 paper: APT cases exploiting vulnerabilities in region-specific software
https://www.virusbulletin.com/blog/2020/05/vb2019-paper-apt-cases-exploiting-vulnerabilities-region-specific-software/

19、Awesome-Bugbounty-Writeups: a curated list of bug bounty writeups, organized by bug type

#Tool# FalconZero v1.0 - a stealthy, targeted Windows loader for delivering second-stage payloads (shellcode) to the host machine undetected

#Tool# NetLoader: loads any C# binary in memory, patching AMSI and bypassing Windows Defender

#Tool# SkCodecFuzzer: fuzzing harness for testing proprietary image codecs supported by Skia on Android

#Tool# SocksOverRDP: SOCKS5 proxy support for Remote Desktop Protocol / Terminal Services
