每日安全资讯-2020.8.7

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:通过Safari的六个漏洞进行macOS内核利用、TerraMaster OS exportUser.php远程代码执行、TiYunZong-利用漏洞链远程root现代Android设备、一个字节的差错导致Cisco防火墙路由器远程代码执行、绕过蓝牙身份验证秘密访问您的Android手机等。

【漏洞分析区】
1、Exploiting Android Messengers with WebRTC: Part 3

2、Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities

3、TerraMaster OS exportUser.php Remote Code Execution(CVE-2020-15568)

4、TiYunZong-An Exploit Chain to Remotely Root Modern Android Devices(CVE-2019-5870, CVE-2019-5877, CVE-2019-10567)

5、Hacking Cisco SD-WAN vManage 19.2.2 — From CSRF to Remote Code Execution

6、一个字节的差错导致Cisco防火墙路由器远程代码执行(CVE-2020-3330)
https://blogs.360.cn/post/yi-ge-zi-jie-cha-cuo-dao-zhi-Cisco-fang-huo-qiang-lu-you-qi-yuan-cheng-dai-ma-zhi-xing.html

【技术分享区】
7、Demystifying Modern Windows Rootkits

8、Emulating Samsung’s Baseband for Security Testing

9、Stealthily Access Your Android Phones - Bypass the Bluetooth Authentication

10、Windows Data Structures and Callbacks, Part 1

#工具#Juggler:一个也许能骗到黑客的系统。

#工具#wechat_articles_spider:微信公众号的爬虫

#工具#Kerberos.NET:A library built in .NET that lets you operate on Kerberos messages.
https://github.com/dotnet/Kerberos.NET

#工具#Routopsy is a toolkit built to attack often overlooked networking protocols. Routopsy currently supports attacks against Dynamic Routing Protocols (DRP) and First-Hop Redundancy Protocols (FHRP).