每日安全动态推送(12-10)

渗透技巧 2年前 (2021) admin
469 0 0
Tencent Security Xuanwu Lab Daily News


• Microsoft Vancouver leaking website credentials via overlooked DS_STORE file:
https://cybernews.com/security/microsoft-vancouver-leaking-website-credentials-via-overlooked-ds-store-file/

   ・ 微软温哥华网站因 DS_STORE 文件暴露泄露 WordPress 密钥等敏感信息 – Jett


• A phishing document signed by Microsoft – part 1:
https://outflank.nl/blog/2021/12/09/a-phishing-document-signed-by-microsoft/

   ・ Microsoft Excel CVE-2021-28449 漏洞分析,该漏洞可以被攻击者利用生成一份微软签名的恶意钓鱼文档,从而加载任意代码 – Jett


• DLL劫持快速挖掘入门教程:
https://tttang.com/archive/1365/

   ・ DLL劫持快速挖掘入门教程. – lanying37


• A new StrongPity variant hides behind Notepad++ installation:
https://blog.minerva-labs.com/a-new-strongpity-variant-hides-behind-notepad-installation?utm_source=reddit

   ・ StrongPity 攻击组织在 Notepad++ 安装包中嵌入恶意代码 – Jett


• Why IoT Security Matters – NCC Group Research:
https://research.nccgroup.com/2021/12/09/why-iot-security-matters/

   ・ Why IoT Security Matters – Jett


• [Pentest] GitHub – S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.:
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

   ・ Active Directory Exploitation Cheat Sheet – Jett


• [Tools] Use ZomEye to track Bitter APT (Behavior Mapping record):
https://youtu.be/dS6Pmpv40QQ

   ・ 利用 ZoomEye 追踪Bitter APT团队恶意软件分析视频. – lanying37


• 【漏洞预警】Apache Log4j2 远程代码执行漏洞二次更新通告:
https://mp.weixin.qq.com/s/AuBchaUvFw2pisVw6rNX5A

   ・ Java 日志框架 Apache Log4j2 被发现高危 RCE 漏洞 – Jett


• GitHub – tangxiaofeng7/apache-log4j-poc: Apache Log4j 远程代码执行:
https://github.com/tangxiaofeng7/apache-log4j-poc

   ・ Apache Log4j 远程代码执行漏洞 PoC 已在 GitHub 公开 – Jett


• Zero Day Initiative — Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021:
https://www.zerodayinitiative.com/blog/2021/12/8/understanding-the-root-cause-of-cve-2021-21220-a-chrome-bug-from-pwn2own-2021

   ・ Pwn2Own Vancouver 2021 比赛中 Chrome CVE-2021-21220 漏洞的分析 Part 2 – Jett


• Finding Secret RDP Registry Keys Using IDA Free – The Devolutions Blog:
https://blog.devolutions.net/2021/12/finding-secret-rdp-registry-keys-using-ida-free/

   ・ Finding Secret RDP Registry Keys Using IDA Free – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(12-10)

版权声明:admin 发表于 2021年12月10日 上午4:26。
转载请注明:每日安全动态推送(12-10) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...