This knowledge digest collects the technical articles, tools and notable vulnerability information we found worthwhile this week.

Browser vulnerabilities

• Intro to Chrome's V8 from an exploit development angle
https://sensepost.com/blog/2020/intro-to-chromes-v8-from-an-exploit-development-angle/
Covers the use of V8-related tooling (turbolizer) from an attacker's point of view, and briefly describes the TurboFan optimization pipeline.

• Understanding the ECMAScript spec, part 2
https://v8.dev/blog/understanding-ecmascript-part-2
The official V8 blog on how the V8 team reads the ECMAScript specification.

• Exploiting an Accidentally Discovered V8 RCE
https://zon8.re/posts/exploiting-an-accidentally-discovered-v8-rce/
V8 Issue 744584, from PoC to exploit.

VM escape vulnerabilities

• Pwning VMware, Part 2: ZDI-19-421, a UHCI bug
https://nafod.net/blog/2020/02/29/zdi-19-421-uhci.html
Analysis of the VMware escape vulnerability ZDI-19-421.

Operating system vulnerabilities

• macOS Security Framework and previous CVEs
https://rekken.github.io/2020/02/26/macOS-Security-Framework-and-Previous-CVEs-EN/
https://rekken.github.io/2020/02/26/macOS-Security-Framework-and-Previous-CVEs-CN/
Analysis of the Security Framework, in particular the Keychain architecture, together with a roundup of the Security Framework's vulnerabilities from the past year or two.

• Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months
https://www.xda-developers.com/mediatek-su-rootkit-exploit/
CVE-2020-0069: a MediaTek chipset rootkit vulnerability affecting millions of Android devices.

• Android Security Bulletin—March 2020
https://source.android.com/security/bulletin/2020-03-01
https://lore.kernel.org/lkml/20191213202531.55010-1-tkjos@google.com/
CVE-2020-0041: a vulnerability in Android Binder, already patched.

• CVE-2019-1458: Going from 'in the wild report' to POC
https://github.com/piotrflorczyk/cve-2019-1458_POC/blob/master/README.md
Analysis writeup of the CVE-2019-1458 Win32k privilege escalation vulnerability.

• Issue 1982: Remote iOS/MacOS kernel heap corruption due to insufficient bounds checking in AWDL
https://bugs.chromium.org/p/project-zero/issues/detail?id=1982
CVE-2020-3483: a vulnerability for which the existing PoC can remotely dump iPhone memory.

• CVE-2020-8597
https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html
A vulnerability in the Point-to-Point Protocol (PPP) daemon that went unnoticed for 17 years and affects almost all Linux systems.

Application vulnerabilities

• str::repeat - stable wildcopy exploit
https://saaramar.github.io/str_repeat_exploit/
CVE-2018-1000810: a Rust standard library vulnerability, from analysis to exploit.

• BraveStarr – A Fedora 31 netkit telnetd remote exploit
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
Analysis of a remote RCE vulnerability in the Fedora 31 version of netkit-telnet-0.17.

• CVE-2020-9547
https://github.com/fairyming/CVE-2020-9547
CVE-2020-9547: a FasterXML/jackson-databind remote code execution vulnerability.

• CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle
https://www.djangoproject.com/weblog/2020/mar/04/security-releases/

• CVE-2020-2555: RCE THROUGH A DESERIALIZATION BUG IN ORACLE'S WEBLOGIC SERVER
https://www.zerodayinitiative.com/blog/2020/3/5/cve-2020-2555-rce-through-a-deserialization-bug-in-oracles-weblogic-server
CVE-2020-2555: a WebLogic deserialization RCE vulnerability.

• WebLogic CVE-2020-2551: IIOP protocol deserialization RCE
https://y4er.com/post/weblogic-cve-2020-2551/
https://github.com/Y4er/CVE-2020-2551/

Vulnerability discovery

• Reviewing software testing techniques for finding security vulnerabilities
https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf
https://www.microsoft.com/en-us/research/blog/a-brief-introduction-to-fuzzing-and-why-its-an-important-tool-for-developers/
https://www.youtube.com/watch?v=12oEACM5UEU
Microsoft's overview of the role fuzzing plays in vulnerability discovery.

• Fuzzing VIM
https://www.inputzero.io/2020/03/fuzzing-vim.html
A vulnerability found by fuzzing Vim with AFL: CVE-2019-20079.

• Nitro Pro 13 - From Fuzzing to Multiple Heap Corruption
https://nafiez.github.io/security/vulnerability/corruption/fuzzing/2020/03/05/fuzzing-heap-corruption-nitro-pdf-vulnerability.html
The process of finding Nitro PDF vulnerabilities by fuzzing with the Basic Fuzzing Framework (BFF).

Exploitation

• "Move aside, signature scanning!" Better kernel data discovery through lookaside lists
https://windows-internals.com/lookaside-list-forensics/
A new way to locate Windows kernel data structures.

CTF

• Solving a simple CTF challenge with Qiling Framework and IDA Pro
https://www.youtube.com/watch?v=SPjVAt2FkKA
A demo tutorial on solving a simple CTF challenge with the Qiling Framework and IDA Pro.

Tools

• BinDiff 6 released: For IDA 7.4 on Windows, Linux, macOS. If you're feeling lucky, try Ghidra 9.1.2.
https://zynamics.com/software.html

• A new version of GEF released: Python2 support dropped, code cleanup, bug fixes, etc.
https://github.com/hugsy/gef

• etl-parser
https://github.com/airbus-cert/etl-parser
A tool for parsing Microsoft Windows ETL log files.

• BinDiff and IDA Pro - Reverse Engineering Speed Hacks
https://www.youtube.com/watch?v=BLBjcZe-C3I
Tips for using BinDiff together with IDA Pro.

Other

• Disclosure of the CIA-affiliated attack group (APT-C-39) and its eleven-year network intrusion campaign against key sectors in China
https://www.freebuf.com/articles/network/229066.html

• KRACE: Data Race Fuzzing for Kernel File Systems
https://www.cc.gatech.edu/~mxu80/pubs/xu:krace.pdf
A paper on discovering multithreaded race-condition vulnerabilities.

• Project Sandcastle: Android for the iPhone
https://projectsandcastle.org/
A project to run Android on the iPhone.

• CS6038/CS5138 Malware Analysis, UC
https://class.malware.re/
A public course on malware analysis from the University of Cincinnati, including slides, videos and more.

• Security analysis of memory tagging
https://github.com/microsoft/MSRC-Security-Research/blob/master/papers/2020/Security%20analysis%20of%20memory%20tagging.pdf
Microsoft's security research on memory tagging.

【平凡路上】 is a community dedicated to the analysis and exploitation of binary vulnerabilities, sharing purely technical content so that everyone can improve together.
If you find this public account useful, please recommend it to your friends; your sharing keeps us going. You are also welcome to scan the QR code below to join the 【平凡路上】 Knowledge Planet, where you can share your experience and insights with the other members, raise your own questions, and learn together.