每日安全资讯-2020.11.16

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

1、Apache OpenOffice RCE (CVE-2020-13958)

2、SD-PWN Part 2 — Citrix SD-WAN Center — Another Network Takeover

3、Forklift <=3.3.9 and <=3.4 Local Privilege Escalations on macOS (CVE-2020-15349/CVE-2020-27192)

4、SaltStack未授权访问及命令执行漏洞分析(CVE-2020-16846/25592)

5、MsvpPasswordValidate hooking:Dumping local credentials by hooking MsvpPasswordValidate in NtlmShared.dll
https://offnotes.notso.pro/abusing-credentials/dumping-credentials/msvppasswordvalidate-hook

6、Decrypting OpenSSH sessions for fun and profit

7、Duping AV with handles-another way to bypass AV detection access to LSASS process for credential dumping

8、Hunting for Malicious Packages on PyPI

9、31k$ SSRF in Google Cloud Monitoring led to metadata exposure