Daily Security News Digest (07-08)
Endpoint Hunting in an AntiEDR World:
https://mgreen27.github.io/projects/AntiEDRWorld/
・ Endpoint Hunting in an AntiEDR World - the contest between endpoint security products and attackers – Jett
https://objectivebythesea.com/v2/talks/OBTS_v2_Hill.pdf:
https://objectivebythesea.com/v2/talks/OBTS_v2_Hill.pdf
・ Privilege escalation via the Apple PPP and CCL components; related code: https://github.com/posixninja/pppoccl – R3dF09
Fuzzing File Systems via Two-Dimensional Input Space Exploration – Summary:
https://r3xnation.wordpress.com/2019/07/06/fuzzing-file-systems-via-two-dimensional-input-space-exploration-summary/
・ JANUS: work that combines AFL and Syzkaller to fuzz file systems – LW
https://objectivebythesea.com/v2/talks/OBTS_v2_Fitzl.pdf:
https://objectivebythesea.com/v2/talks/OBTS_v2_Fitzl.pdf
・ Gaining root on macOS through harmless App Store apps; for related reading see https://objective-see.com/blog/blog_0x46.html – R3dF09
Page 2 of 62:
https://drive.google.com/file/d/1HwG6Ks_2dO0ut2plyPx1-svfNVKL1Mhu/view?usp=drivesdk
・ Introduces dwarf, a cross-platform debugger built on frida and qt, and walks through a cracking process against anti-debugging, obfuscation and packing. – 靓仔
How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105:
https://www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105?sf214690162=1
・ A stored XSS in the Outlook app client, and how its PoC was constructed – 靓仔
Analysis of a use-after-unmap vulnerability in Edge: CVE-2019-0609:
https://gts3.org/2019/cve-2019-0609.html
・ Analysis by Georgia Tech SSLab of CVE-2019-0609, a use-after-unmap vulnerability in Edge – AI_FUZZ
Ghidra Python Scripting - AZORult:
http://rinseandrepeatanalysis.blogspot.com/2019/07/ghidra-python-scripting-azorult.html
・ Using a Ghidra Python script to batch-recover function names for call sequences implemented via GetProcAddress – Jett
Automated AD and Windows test lab deployments with Invoke-ADLabDeployer:
https://outflank.nl/blog/2018/03/30/automated-ad-and-windows-test-lab-deployments-with-invoke-adlabdeployer/
・ Using the Invoke-ADLabDeployer PowerShell script to automatically deploy a Windows AD test environment – Jett
https://bit.ly/wctf2019-gtf:
https://bit.ly/wctf2019-gtf
・ The WCTF2019 writeup published by icchy of the TokyoWesterns team – Jett
IronPython, darkly: how we uncovered an attack on government entities in Europe:
http://blog.ptsecurity.com/2019/07/ironpython-darkly-how-we-uncovered.html
・ Positive Technologies' analysis of a targeted attack against the Croatian government – Jett