Daily Security News - 2020.11.17

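Disclaimer: All content in this article is for study and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, it must not be disseminated or used for non-benign purposes. By viewing this article you are deemed to have accepted the above terms; otherwise you bear the responsibility yourself.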

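Today's highlights: analysis of the "魔罗桫" group's attack campaign using recruitment at Pakistan's space science commission as a lure, the Lazarus supply-chain attack targeting South Korea, the Citrix XenMobile Server path traversal vulnerability, 12 unauthenticated vulnerabilities in Cisco Security Manager, the Evernote Universal-XSS vulnerability, customizing C2 frameworks to bypass AV, NTLM relay of ADWS (WCF) with Impacket, and more.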

【Malware Section】
1、Lazarus supply‑chain attack in South Korea

The shadow returns: analysis of the "魔罗桫" group's attack campaign using recruitment at Pakistan's space science commission as a lure https://mp.weixin.qq.com/s/0mHWKb4a0kGwhkZZ0n0i9Q

【Vulnerability Analysis Section】
2、Path Traversal on Citrix XenMobile Server(CVE-2020-8209)

3、Cisco Security Manager 12 unauthenticated vulnerabilities

4、Evernote: Universal-XSS, theft of all cookies from all sites, and more

5、Firefox and how a website could steal all of your cookies (CVE-2020-15647)

【Technical Sharing Section】
6、Customizing C2-Frameworks for AV-Evasion
https://s3cur3th1ssh1t.github.io/Customizing_C2_Frameworks/

7、NTLM relay of ADWS (WCF) connections with Impacket

8、Hypervisor Vulnerability Research

9、Smuggling an (Un)exploitable XSS

#Tool#Untrusted Types is a Chrome extension that abuses Trusted Types to log DOMXSS sinks. Requires Chrome v85+.

#Tool#AIX 5.3L local root privilege escalation exploit

#Tool#Kerbrute: A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication

#Tool#fscan: an internal-network scanning tool that supports host liveness detection, port scanning, brute-forcing of common services, ms17010, batch writing of private keys to redis, reverse shells via scheduled tasks, reading Windows network adapter information, and more

#Tool#侠客: an all-in-one penetration testing tool

#Tool#tmpmail is a command line utility written in POSIX sh that allows you to create a temporary email address and receive emails to the temporary email address.
