360-CERT每日安全简报
Daily Security Briefing
2020-02-18 星期二
<<Previous
Next>>
漏洞
Vulnerability
CVE-2020-0668:Windows Service Tracing中的提权漏洞分析
https://itm4n.github.io/cve-2020-0668-windows-service-tracing-eop/
CVE-2020-8950:AMD User Experience Program Launcher 本地提权漏洞Poc
https://github.com/sailay1996/amd_eop_poc
安全工具
Security Tools
VirusTotal API脚本:从终端扫描恶意样本
https://github.com/TheSecondSun/VTSCAN
GDBFrontend:gdb调试的图形化工具
https://github.com/rohanrhu/gdb-frontend
安全资讯
Security Information
2019年开源软件漏洞Top 10
https://resources.whitesourcesoftware.com/blog-whitesource/top-security-open-source-vulnerabilities
2019年Web 攻击技术Top 10
https://portswigger.net/research/top-10-web-hacking-techniques-of-2019
安全研究
Security Research
BlueHat IL 2020:.NET攻击面的探索,并对其进行注入——Youtube
https://www.youtube.com/watch?v=FuxpMXTgV9s
CVE-2019-18683: Linux kernel 中存在于V4L2 子系统的漏洞分析——write-up,Slides,youtube
https://twitter.com/ale_sp_brazil/status/1228919432849870849
分析如何攻击Office 365——Slide和工具公布
https://github.com/mdsecactivebreach/o365-attack-toolkit/blob/master/presentation/BSides%20Leeds%20-%20Introducing%20the%20O365-Attack-Toolkit.pdf
使用Binary Ninja分析除零漏洞(Part 1~2)
https://medium.com/@cetfor/finding-cwe-369-divide-by-zero-bugs-with-binary-ninja-part-1-e14b484b2551
Linux x86内核中上下文切换过程的演变
https://www.maizure.org/projects/evolution_x86_context_switch_linux/
sudo历史漏洞回顾
https://mp.weixin.qq.com/s/wHwLh0mI00eyRHw8j3lTng
BlueHat IL 2020 会议Youtube视频放出
https://www.youtube.com/results?search_query=BlueHat+IL+2020
利用gdb调试Windows 10内核
https://github.com/commial/experiments/tree/master/debugging-secure-kernel
对AWS Cognito的错误配置进行攻击
https://www.notsosecure.com/hacking-aws-cognito-misconfigurations/
恶意软件
Malware
伊朗黑客通过攻击Pulse Secure,Fortinet,Palo Alto Networks和Citrix VPN入侵大型公司
https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/
针对以色列士兵的恶意攻击(APT-C-23)分析
https://research.checkpoint.com/2020/hamas-android-malware-on-idf-soldiers-this-is-how-it-happened/
深入分析最新的Gamaredon间谍活动
https://securityaffairs.co/wordpress/97992/apt/gamaredon-espionage-campaign.html
ClearSky 团队对 Fox Kitten - 伊朗间谍活动的研究报告
https://www.clearskysec.com/fox-kitten/
<<Previous
Next>>