每日安全资讯-2020.5.14

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:Ramsay:针对air‑gapped网络量身定制的间谍工具包、使用JsOutProx RAT对印度政府和金融机构的针对性攻击、PrintDemon:后台打印机提权,持久性和隐秘性、Symantec Endpoint Protection(SEP)14.2 RU2提权漏洞、CVE-2020-1015 Windows提权漏洞、绕过魔兽世界的只读代码保护等。

【病毒区】
1、Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks

2、Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT
https://www.zscaler.com/blogs/research/targeted-attacks-indian-government-and-financial-institutions-using-jsoutprox-rat

【漏洞分析区】
3、PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)
https://windows-internals.com/printdemon-cve-2020-1048/

4、Symantec Endpoint Protection (SEP) 14.2 RU2 Elevation of Privileges (CVE-2020-5837)

5、Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access

6、CVE-2020-1015 | Windows Elevation of Privilege Vulnerability

7、Apache ‘logrotate’ 本地提取漏洞分析(CVE-2019-0211)
https://www.anquanke.com/post/id/205159

【技术分享区】
8、Using syzkaller: fuzzing your changes

9、Building a COM Server for Initial Execution

10、Bypassing World of Warcraft’s Read-Only Code Protection (crc32)

#工具#s6_pcie_microblaze:PCI Express DIY hacking toolkit for Xilinx SP605

#工具#Macrome:An Excel Macro Document Reader/Writer for Red Teamers & Analysts.

#工具#SharpeningCobaltStrike:In realtime compiling of dotnet v35/40 exe/dll binaries + obfuscation with ConfuserEx on your linux cobalt strike server.

3 2 1