Daily Security News - 2020.11.2

Disclaimer: All content in this article is for learning and research purposes only and must not be used in violation of the Cybersecurity Law, the Criminal Law, or related regulations; in particular, dissemination or use for malicious purposes is prohibited. By viewing this article you are deemed to accept the above terms; otherwise you bear the responsibility yourself.

Today's digest: an in-depth analysis of Abaddon, one of the first malware families to use Discord as C2 and carry ransomware functionality; vulnerabilities and tools for PAX payment devices, including the D200, S80, S300, S800, S900 and S920; CVE-2020-17087, a Windows kernel buffer overflow that is already being exploited in the wild; .NET deserialization via ViewState; using a C# shellcode runner and ConfuserEx to bypass UAC while evading AV; and more.

[Malware]
1. In-depth analysis of Abaddon, one of the first malware families using Discord as C2 and carrying ransomware functionality

[Vulnerability Analysis]
2. Vulnerabilities and tools for PAX payment devices, including the D200, S80, S300, S800, S900 and S920

3. CVE-2020-17087 - Windows kernel buffer overflow, already being exploited in the wild
https://bugs.chromium.org/p/project-zero/issues/detail?id=2104

4. Fuzzing for eBPF JIT bugs in the Linux kernel (CVE-2020-27194)

[Technical Articles]
5. .NET deserialization: exploiting ViewState
https://paper.seebug.org/1386/

6. Using a C# shellcode runner and ConfuserEx to bypass UAC while evading AV

7. Let's Encrypt issues new root and intermediate certificates
https://scotthelme.co.uk/lets-encrypts-new-root-and-intermediate-certificates/

8. The forensic view of iMessage security

9. Exploring the WDAC Microsoft Recommended Block Rules (Part II): Wfc.exe, Fsi.exe, and FsiAnyCpu.exe

#Tools# NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), simply by having the victim visit a website.

#Tools# Web Hacker's Weapons: a collection of cool tools used by web hackers. Happy hacking, happy bug-hunting.

#Tools# CobaltStrikeScan: scan files or process memory for Cobalt Strike beacons and parse their configuration.
