
Daily Offense and Defense Intelligence Brief [July 30th]

Published: 2021-07-30

0x00 Vulnerabilities

1. Root cause analysis of the critical printer driver vulnerability (CVE-2021-3438)

https://voidsec.com/root-cause-analysis-of-cve-2021-3438/

2. Hyper-V RCE vulnerability (CVE-2021-28476)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28476

0x01 Tools

1. hallucinate: one-stop TLS traffic inspection and manipulation using dynamic instrumentation

https://github.com/SySS-Research/hallucinate

https://blog.syss.com/posts/hallucinate/

2. Decompiled version of the Android Pegasus spyware

https://github.com/jonathandata1/pegasus_spyware

3. CredPhish: a PowerShell script that invokes a legitimate credential prompt and exfiltrates the password over DNS

https://github.com/tokyoneon/CredPhish

0x02 Malicious Code

1. The Magnitude exploit kit is still alive and kicking

https://decoded.avast.io/janvojtesek/magnitude-exploit-kit-still-alive-and-kicking/

2. Operation MeteorExpress: a wiper attack that disrupted services on the Iranian railway system

https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/

3. When coin miners evolve, Part 2: hunting down LemonDuck and LemonCat attacks

https://www.microsoft.com/security/blog/2021/07/29/when-coin-miners-evolve-part-2-hunting-down-lemonduck-and-lemoncat-attacks/

4. Attackers exploit a Microsoft browser vulnerability to deploy VBA malware on targeted PCs

https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/

5. Stealing kernel-mode tokens with a malicious driver

https://www.solomonsklash.io/stealing-tokens-with-malicious-driver.html

6. Delivering malicious content via archive.org

https://isc.sans.edu/diary/rss/27688

0x03 Techniques

1. Adaptation of shortest-path algorithms for dynamic routing problems

https://blog.qrator.net/en/adaptation-of-shortest-path-algorithms-for-dynamic_139/

2. Detecting LDAP enumeration and BloodHound's SharpHound collector using Active Directory decoys

https://medium.com/securonix-tech-blog/detecting-ldap-enumeration-and-bloodhound-s-sharphound-collector-using-active-directory-decoys-dfc840f2f644

3. Reversing Hyper-V step by step, with a deep dive into Virtual Trust Levels

https://blog.quarkslab.com/a-virtual-journey-from-hardware-virtualization-to-hyper-vs-virtual-trust-levels.html

4. A detailed overview of eBPF from an exploit developer's perspective

https://www.graplsecurity.com/post/kernel-pwning-with-ebpf-a-love-story

5. NTLM relaying to AD CS - on certificates, printers and a little hippo

https://dirkjanm.io/ntlm-relaying-to-ad-certificate-services/

https://github.com/dirkjanm/PKINITtools