Daily Security News - 2020.9.7

Disclaimer: All content in this article is for learning and research purposes only and must not violate the Cybersecurity Law, the Criminal Law or other relevant requirements; in particular, it must not be distributed or used for malicious purposes. By viewing this article you are deemed to accept the above terms; otherwise you bear the responsibility yourself.

Today's highlights: a SWIFT report detailing the techniques bank hackers use to launder money, a privilege-escalation analysis of the Shell Create Object Task Server, an analysis of the Telerik UI for ASP.NET AJAX file upload and .NET deserialisation exploit, a wrap-up of the Ubuntu ppp CVE-2020-15704 privilege-escalation vulnerability, email phishing attacks in red vs. blue team exercises, an analysis of Geetest anti-crawler protection, and more.

【Malware】
1、Epic Manchego – atypical maldoc delivery brings flurry of infostealers

2、FULL REPORT ON CERBERUS, AN ANDROID BANKING TROJAN

3、A report from SWIFT detailing the techniques used to launder money from cyber-heists (bank hacks)

4、Hunting for Goddi – Uncovering MITRE ATT&CK Discovery Tactics & Techniques

【Vulnerability Analysis】
5、Privilege escalation in Shell Create Object Task Server
https://docs.google.com/document/d/e/2PACX-1vTP5OvJToWToMOKyeMyPcIPJhqbnESgWY6dYje9seJY96-ezCEJbXsMkfMWhoqPRaCNRs6BOO7urQyF/pub

6、Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)
https://github.com/bao7uo/RAU_crypto

7、Ubuntu ppp’s CVE-2020-15704 (privilege escalation) wrap-up
https://www.synacktiv.com/publications/ubuntu-ppps-cve-2020-15704-wrap-up

【Technical Sharing】
8、Red vs. Blue: Email Phishing Attacks

9、DETECTING MITRE ATT&CK TECHNIQUE: PART 1 – T1218.010 (REGSVR32)

10、Detecting MITRE ATT&CK Technique : Part 2 – T1003.001 (LSASS MEMORY)

11、Analysis of Geetest (极验) Anti-Crawler Protection
https://www.52pojie.cn/thread-1162853-1-1.html

12、One Click Forensics Lab in the Cloud - A blog post on deploying a DFIR lab on Google Cloud Platform

13、SecWiki Weekly (2020/08/31-2020/09/06)
https://www.sec-wiki.com/weekly/340

#Tool# aes-finder: Utility to find AES keys in running process memory. Works for 128-, 192- and 256-bit keys.

#Tool# yacd: Decrypts FairPlay applications on iOS 13.4.1 and lower, no jailbreak required