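Daily Security News - 2020.5.25

Disclaimer: All content in this article is for study and research purposes only and must not violate the requirements of the Cybersecurity Law, the Criminal Law, and other relevant regulations; in particular, it must not be disseminated or used for malicious purposes. By viewing this article you are deemed to accept these terms; otherwise you bear the responsibility yourself.

Today's highlights: an analysis of Smokeloader's anti-debugging techniques, a Parallels Desktop privilege escalation vulnerability, a Docker Desktop for Windows privilege escalation vulnerability, and more.

【Malware】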
1、The Gocgle Malicious Campaign

5、Examining Smokeloader’s Anti Hooking technique

【Vulnerability Analysis】
2、CVE-2020-8871: Privilege Escalation in Parallels Desktop via VGA Device

3、Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack

4、Docker Desktop for Windows PrivEsc (CVE-2020-11492)
https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/

【Technical Sharing】
6、Automated malware unpacking with binary emulation
https://lopqto.me/posts/automated-malware-unpacking

7、How to Use Windows 10’s Package Manager, “winget”

8、SecWiki Weekly (2020/05/18-2020/05/24)
https://www.sec-wiki.com/weekly/325

#Tools# RogueWinRM is a local privilege escalation exploit that allows escalation from a Service account (with SeImpersonatePrivilege) to the Local System account if the WinRM service is not running (the default on Win10 but NOT on Windows Server 2019).
