Daily Security News - 2020.6.22

Disclaimer: All content in this post is for learning and research purposes only and must not violate the Cybersecurity Law, the Criminal Law or other applicable requirements; in particular, redistribution or use for malicious purposes is prohibited. By reading this post you are deemed to accept these terms; otherwise you bear the responsibility yourself.

Today's highlights: SSH-targeting Golang bots, Microsoft Windows Defender elevation of privilege, using a WAF to mount denial-of-service attacks, the RangeAmp attack (turning CDNs into DDoS cannons), exploring persistence built on http.sys, and more.

【Malware】
1、Analysis of Cerberus banking Trojan distributed over phishing websites (e.g. Amazon)

2、SSH-Targeting Golang Bots Becoming the New Norm

【Vulnerability Analysis】
3、CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability
https://itm4n.github.io/cve-2020-1170-windows-defender-eop/

【Technical Sharing】
4、Using a WAF to mount denial-of-service attacks
https://xz.aliyun.com/t/7895

5、How to automatically rewrite 700'000 lines of code to bypass most AV/EDR (features string and API-call obfuscation for Meterpreter)
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/

6、Reverse Engineering Snapchat (Part II): Deobfuscating the Undeobfuscatable

7、Bring your own .NET Core Garbage Collector

8、RangeAmp attack: turning CDNs into DDoS cannons

9、Exploring persistence built on http.sys

10、Weaponizing Windows Virtualisation: how malware actors (Loki, Nanocore, Phobos) mount malicious ISO files without administrative privileges, in C
https://vxug.fakedoma.in/papers/VXUG/Exclusive/WeaponizingWindowsVirtualization.pdf

11、How I found multiple reflected cross-site scripting (rXSS) vulnerabilities on Facebook

12、SecWiki Weekly (2020/06/15-2020/06/21)
https://www.sec-wiki.com/weekly/329

#Tool#IntelMCDowngrade: Scripts to collect microcode from the CPUMicrocodes repo and to downgrade to a compatible microcode.

#Tool#leak.docx: Leak Windows system info through a .docx file