声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。
今日导读:通过改造Notepad ++编辑器进行的针对性黑客攻击、Zend PHP 7新的反序列化利用链、Windows内核提权漏洞分析、npm内网IP限制可被绕过用于SSRF、Windows打印后台处理程序漏洞分析、基于Outlook邮件的持久性攻击等。
【病毒区】
1、a weaponized version of the popular open source Notepad++ editor, used in targeted attacks
https://www.trendmicro.com/en_us/research/20/k/weaponizing-open-source-software-for-targeted-attacks.html
2、TrickBot is Dead. Long Live TrickBot!
3、Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload.
4、TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader
【漏洞分析区】
5、New gadget chain for deserialization in Zend Framework applications. Triggers on __destruct(), gives RCE and works in PHP 7.
6、SD-PWN — Part 3 — Cisco vManage — Another Day, Another Network Takeover
7、gitlab XSS on Issue reference numbers
8、Remote code execution in Elixir-based Paginator(CVE-2020-15150)
9、Windows Kernel Elevation of Privilege Vulnerability(CVE-2020-1034)
https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less/
10、CVE-2020-28360: npm private-ip SSRF Bypass (IP Phone Home)
11、discovering, exploiting and shutting down a dangerous Windows print spooler vulnerability(CVE-2020-1030)
https://www.accenture.com/us-en/blogs/cyber-defense/discovering-exploiting-shutting-down-dangerous-windows-print-spooler-vulnerability
【技术分享区】
12、A Fresh Outlook on Mail Based Persistence
13、Potatoes - Windows Privilege Escalation
https://jlajara.gitlab.io/others/2020/11/22/Potatoes_Windows_Privesc.html
#工具#Gnome is a module to load your signed driver stealthily.