Daily Security News - 2020.7.13

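Disclaimer: All content in this article is for study and research purposes only and must not violate the requirements of the Cybersecurity Law, the Criminal Law and other relevant laws; in particular, disseminating it or using it for malicious purposes is prohibited. By viewing this article you are deemed to have accepted the above terms; otherwise you bear the responsibility yourself.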

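Today's highlights: a new Mirai variant attacks using the CVE-2020-10173 vulnerability, analysis of the F5 TMUI RCE vulnerability, bypassing the RASP for BaoTa (宝塔) and its disable_functions, notes on troubleshooting a PHP upload directory configuration, and more.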

【Malware Section】
1、New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173

2、Deobfuscating DanaBot’s API Hashing

【Vulnerability Analysis Section】
3、Chrome: Copy & paste XSS via noscript (reward: $5000)
https://bugs.chromium.org/p/chromium/issues/detail?id=1065761

4、Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902

【Technical Sharing Section】
5、Bypassing the RASP for BaoTa (宝塔) and its disable_functions

6、Multiple Critical Vulnerabilities in Multiple Rittal Products Based on Same Software
https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/

7、Reversing DexGuard, Part 3 – Code Virtualization
https://www.pnfsoftware.com/blog/reversing-dexguard-virtualization/

8、Top 16 Active Directory Vulnerabilities

9、Advanced VBA macros: bypassing olevba static analyses with 0 hits
https://www.certego.net/en/news/advanced-vba-macros/

10、Notes on troubleshooting a PHP upload directory configuration
https://www.leavesongs.com/PHP/a-bug-resolve-tour-with-php-upload-path.html

11、An index of all Windows files that appear in Windows update packages; it allows you to quickly view information about the files and download some of them from Microsoft servers.
https://m417z.com/winbindex/

12、DLL Proxy Loading Your Favourite C# Implant

13、Exploring the tradecraft and TTPs of the ACSC’s copy-paste adversary.

14、SecWiki Weekly (2020/07/06-2020/07/12)
https://www.sec-wiki.com/weekly/332
