Daily Security News - 2020.6.15

Notice: All content in this article is intended solely for learning and research purposes and must not violate the Cybersecurity Law, the Criminal Law or other relevant requirements; in particular, redistribution or use for malicious purposes is prohibited. By reading this article you are deemed to accept the above terms; otherwise you bear the responsibility yourself.

Today's overview: Earth Empusa's phishing attacks reveal the new Android spyware ActionSpy, from OOB to RCE in the Hobbes functional interpreter, the Microsoft Windows LNK remote code execution vulnerability, PE parsing and bypassing AV/EDR API hooks, and more.

【Malware】
1、New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa

【Vulnerability Analysis】
2、OOB to RCE: Exploitation of the Hobbes Functional Interpreter (CVE-2020-13656)

3、A Trio of Bugs Used to Exploit Inductive Automation at Pwn2Own Miami

4、Roundcube mail 3 XSS
https://lorexxar.cn/2020/06/10/roundcube-mail-xss/

5、Microsoft Windows LNK Remote Code Execution Vulnerability - CVE-2020-1299

【Technical Articles】
6、Lets Create An EDR… And Bypass It! Part 2

7、PE Parsing and Defeating AV/EDR API Hooks in C++
https://www.solomonsklash.io/pe-parsing-defeating-hooking.html

8、“Heresy’s Gate”: Kernel Zw*/NTDLL Scraping + “Work Out”: Ring 0 to Ring 3 via Worker Factories

9、Understanding and Bypassing AMSI

10、Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations

11、From directory deletion to SYSTEM shell

12、Reverse Engineering the Comtech AHA363 PCIe Gzip Accelerator Board

13、Understanding and Abusing Process Tokens — Part I

14、Understanding and Abusing Access Tokens — Part II

15、A survey of recent iOS kernel exploits

16、SecWiki Weekly (2020/06/08-2020/06/14)
https://www.sec-wiki.com/weekly/328

【Tools】
#Tool#Frida Boot - A binary instrumentation workshop, with Frida, for beginners!

#Tool#Bypass kernel lockdown/uefi secure boot on Ubuntu 18.04 using ACPI SSDT injection, in order to load unsigned kernel modules
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh

#Tool#mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

#Tool#Cmd Hijack - a command/argument confusion with path traversal in cmd.exe

#Tool#Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3