Daily Security News - 2020.9.22

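Statement: All content in this article is for learning and research purposes only and must not violate the requirements of the Cybersecurity Law, the Criminal Law and other relevant laws; in particular, dissemination or use for malicious purposes is prohibited. By viewing this article you are deemed to accept the above terms; otherwise you bear the responsibility yourself.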

Today's highlights: Aruba Clearpass RCE, TokyoWesterns CTF 2020 WP, MacOS injection via third-party frameworks, anti-debug, anti-root and anti-frida techniques, and more.

【Vulnerability Analysis】
1. Aruba Clearpass RCE (CVE-2020-7115)

【Technical Sharing】
2. TokyoWesterns CTF 2020 | writeups

3. MacOS Injection via Third-Party Frameworks

4. r2-pay: anti-debug, anti-root & anti-frida (part 1)

5. Excel 4.0 Macro, hta, VBScript & PowerShell Analysis Ataware Ransomware – Part 0x1

6. UAC bypass analysis (Stage 1) Ataware Ransomware – Part 0x2

7. Parent PID Spoofing (Stage 2) Ataware Ransomware – Part 0x3

8. Advanced MacroPack payloads: XLM Injection
https://blog.sevagas.com/?Advanced-MacroPack-payloads-XLM-Injection

9. little mindmap to pentest active directory

#Tool# Goblin is a module to enumerate all the threads of the EventLog Service Module (wevtsvc.dll) and kill them in an effort to disable EventLog service from registering any new events even though the service appears to be running.

#Tool# bombus: compliance audit platform