记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

每日安全动态推送(02-23)

2021-02-23 13:39
Tencent Security Xuanwu Lab Daily News


• The Story of Jian - How APT31 Stole and Used an Unknown Equation Group 0-Day - Check Point Research:
https://research.checkpoint.com/2021/the-story-of-jian/

   ・ 据 Checkpoint 报告,APT31 在 NSA 方程式 CVE-2017-0005 0day 泄露之前就使用了该漏洞 – Jett


• Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion:
http://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html

   ・ 攻击者利用 Accellion FTA 文件传输应用的 0Day 窃取数据 – Jett


• ManiMed: Hamilton Medical AG – HAMILTON-T1 Ventilator Vulnerabilities:
https://insinuator.net/2021/02/manimed-hamilton-medical-ag-hamilton-t1-ventilator-vulnerabilities/

   ・ ManiMed:Hamilton Medical AG – HAMILTON-T1瑞士制造医疗便携呼吸机安全漏洞披露。 – lanying37


• [Network] EXPLORING THE OPC ATTACK SURFACE:
http://okt.to/Th0gLW

   ・ 探索OPC网路协议安全漏洞分析报告。 – lanying37


• [Windows] Offensive Windows IPC Internals 2: RPC · csandker.io:
https://csandker.io/2021/02/21/Offensive-Windows-IPC-2-RPC.html

   ・ 探究Windows IPC内部原理(第二部分):RPC – lanying37


• Farming for Red Teams: Harvesting NetNTLM - MDSec:
https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm/

   ・ Farming for Red Teams: Harvesting NetNTLM – Jett


• [Windows] Windows Registry - Analysis andTracking Every Windows activity:
https://gbhackers.com/windows-registry-analysis-tracking-everything-you-do-on-the-system/

   ・ Windows注册表取证分析–跟踪在Windows系统执行每个程序进程活动。 – lanying37


• [Tools, macOS, iOS] GitHub - kean/Pulse: Structured Logging System:
https://github.com/kean/Pulse

   ・ 有开发者开源的一款 macOS、iOS 日志可视化和日志共享工具 – Jett


• [Browser] 1146670 - TFC chrome full chain - chromium:
https://bugs.chromium.org/p/chromium/issues/detail?id=1146670

   ・ 去年天府杯 Chrome Full Chain Exploit 代码公开了 – Jett


• [Windows, Vulnerability] An Unconventional Exploit for the RpcEptMapper Registry Key Vulnerability:
https://itm4n.github.io/windows-registry-rpceptmapper-exploit/

   ・ Windows 注册表中 RpcEptMapper 键权限设置不当导致可以实现本地提权 – Jett


• [Tools] Browse Shell/Bash Code Examples:
https://www.codegrepper.com/code-examples/shell

   ・ 在线阅读Shell/Bash语言编程代码教程实例网站。 – lanying37


• Buffer Overflows Made Easy - Part 7: Finding the Right Module:
https://www.youtube.com/watch?v=k9D9RuFT02I

   ・ 轻松掌握实现缓冲区溢出视频教程-第7部分:找到合适的模块 。 – lanying37


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab



知识来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651957271&idx=1&sn=69ac7cade6d25548f258b7684e9186d1

阅读:4418 | 评论:0 | 标签:安全

想收藏或者和大家分享这篇好文章→复制链接地址

“每日安全动态推送(02-23)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

❤人人都能成为掌握黑客技术的英雄⛄️

🧚 🤲 🧜

标签云