Daily Security News-2020.7.8

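Statement: All content in this article is for study and research purposes only and must not violate the requirements of the Cybersecurity Law, the Criminal Law, and other relevant laws; in particular, it is forbidden to distribute it or to use it for non-benign purposes. By viewing this article you are deemed to have agreed to the above; otherwise you bear the responsibility yourself.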

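Today's highlights: reconstructing the file encryption routine of the custom macOS malware EvilQuest, disclosure of multiple security vulnerabilities in C-Data OLTs, a UaF in the WebSocket Network Service, analysis of the F5 BIG-IP RCE exploit, applications of dynamic class loading in Java code execution vulnerabilities, reverse engineering DexGuard, and more.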

【Malware】
1、The Gafgyt variant vbot seen in its 31 campaigns

2、Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

【Vulnerability Analysis】
3、Multiple security vulnerabilities disclosed in C-Data OLTs
https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

4、Another “universal” XSS via copy&paste
https://bugs.chromium.org/p/chromium/issues/detail?id=1040755

5、UAF in WebSocket Network Service (reward: $20000)
https://bugs.chromium.org/p/chromium/issues/detail?id=1065704

6、DisplayLink USB Graphics Software arbitrary file write Elevation of Privilege
https://offsec.almond.consulting/displaylink-usb-graphics-arbitrary-file-write-eop.html

7、Sudo 1.8.25p: A tale of BufferOverflow in linux(CVE-2019-18634)

8、F5 BIG-IP Remote Code Execution Exploit – CVE-2020-5902

【Technical Sharing】
9、Applications of dynamic class loading in Java code execution vulnerabilities

10、Patchless AMSI bypass using SharpBlock
https://www.pentestpartners.com/security-blog/patchless-amsi-bypass-using-sharpblock/

11、Reversing DexGuard, Part 1 – Code Obfuscation & RASP
https://www.pnfsoftware.com/blog/reversing-dexguard/

12、Reversing DexGuard, Part 2 – Assets and Code Encryption
https://www.pnfsoftware.com/blog/reversing-dexguard-encryption/

13、Pwning smart garage door openers
https://www.pentestpartners.com/security-blog/pwning-smart-garage-door-openers/

14、How Do Attackers Use LOLBins In Fileless Attacks?

15、TrustJack - A UAC bypass based on Trusted folder abuse

16、An offensive guide to the Authorization Code grant

17、Bean Stalking: Growing Java beans into RCE

18、Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool

19、Memory Tagging for the Kernel: Tag-Based KASAN

20、Symbolic execution with SymCC: Don’t interpret, compile!
http://www.s3.eurecom.fr/tools/symbolic_execution/symcc.html
