Daily Security News - 2020.9.10

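Statement: All content in this article is for study and research purposes only and must not violate the requirements of the Cybersecurity Law, the Criminal Law, and other relevant laws; in particular, dissemination or use for malicious purposes is prohibited. By viewing this article, you are deemed to have agreed to the above; otherwise, you bear the responsibility yourself.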

【Malware Section】
1. TikTok Spyware - a detailed analysis of spyware masquerading as TikTok
https://www.zscaler.com/blogs/research/tiktok-spyware

【Vulnerability Analysis Section】
2. Raccoon is a timing vulnerability in the TLS specification that affects HTTPS and other services that rely on SSL and TLS.
https://raccoon-attack.com/

3. GitLab: Stored XSS on PyPi simple API endpoint

4. GitLab: Stored XSS in markdown when redacting references

【Technical Sharing Section】
5. Bypass AMSI by manual modification part II - Invoke-Mimikatz
https://s3cur3th1ssh1t.github.io/Bypass-AMSI-by-manual-modification-part-II/

6. Disabling Windows Event Logs by Suspending EventLog Service Threads
https://www.ired.team/offensive-security/defense-evasion/disabling-windows-event-logs-by-suspending-eventlog-service-threads

7. XSS->Fix->Bypass: 10000$ bounty in Google Maps
