Daily Security News - 2019.12.3

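Statement: All content in this article is for study and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, distributing it or using it for malicious purposes is prohibited. By viewing this article you are deemed to accept the above terms; otherwise you bear the responsibility yourself.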

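Today's highlights: analysis of the Python RAT PyXie; Android: new StrandHogg vulnerability exploited in the wild; analysis of two GoAhead vulnerabilities; reverse engineering the TP-Link TL-WR841N router; Trend Micro/McAfee/Kaspersky vulnerability analyses; bypassing WinDefender ATP for data theft; Kubernetes penetration testing methodology; analysis of the Microsoft Azure account takeover vulnerability; and more.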

[Malware]
1. Imminent Monitor – a RAT Down Under
2. Analysis of Malicious ElectrumX Servers Source Code
3. Meet PyXie: A Nefarious New Python RAT

[Vulnerability Analysis]
4. Android: New StrandHogg vulnerability is being exploited in the wild
5. Two vulnerabilities in EmbedThis GoAhead Web Server (CVE-2019-5096 + CVE-2019-5097)
6. Kernel exploits for the Oculus Quest: CVE-2018-9568 (WrongZone) + CVE-2019-2215 (BinderThreadUaf)
7. MindShaRE: Hardware Reversing with the TP-Link TL-WR841N Router - Part 2
8. Trend Micro Security 16 - DLL Search-Order Hijacking and Potential Abuses (CVE-2019-15628)
9. McAfee - All Editions (MTP, AVP, MIS) - Self-Defense Bypass and Potential Usages (CVE-2019-3648)
10. Kaspersky Secure Connection - DLL Preloading and Potential Abuses (CVE-2019-15689)
11. Autodesk Desktop Application - Privilege Escalation to SYSTEM (CVE-2019-7365)
12. Accusoft ImageGear PNG IHDR width code execution vulnerability (CVE-2019-5083 + CVE-2019-5076 + CVE-2019-5132 + CVE-2019-5133)

[Technical Sharing]
13. Evading WinDefender ATP credential-theft: a hit after a hit-and-miss start
14. Insecure by Design: Weaponizing Windows against User-Mode Anti-Cheats, a write up about attacking unprivileged processes by abusing Windows access controls.
15. Pool Fengshui in Windows RDP Vulnerability Exploitation (BlueKeep: CVE-2019-0708)
16. Rendering McAfee web protection ineffective
17. Obtaining shells via Logitech Unifying Dongles
18. Kubernetes Pentest Methodology Part 1
19. Kubernetes Pentest Methodology Part 2
20. Kubernetes Pentest Methodology Part 3
21. Windows Intranet Protocol Study, NTLM Series: Net-NTLM Exploitation
22. BlackDirect: Microsoft Azure Account Takeover

[Tools]
Tool - netrefject is a small POC to show how to use Mono.Cecil to inject .Net payloads into .Net assemblies if you have write access to those assemblies
Tool - L1ghtning - an all-in-one recovery utility for checkra1n
Tool - hal-fuzz is the sleeker, faster, fuzzing-oriented version of HALucinator.
