[Industry News] [Twitter Real-Time Tech - 2017.6.03]

Online translation provided: https://translate.google.com/translate?hl=&sl=en&tl=zh-CN&u=https%3A%2F%2Fxianzhi.aliyun.com%2Fforum%2Fread%2F1670.html

Acknowledgements

  • @Todaro

  • @Avfisher

  • @章鱼小团子

Untrusted Java serialization in Soffid IAM console allows remote attackers to achieve remote code execution  

http://www.soffid.com/security-advisory1-update/

Why Your Encrypted Database Is Not Secure  

https://eprint.iacr.org/2017/468.pdf

MISP Galaxy Cluster including Exploit-Kit, Microsoft Activity Group actor, Preventive Measure, Ransomware, TDS...  

https://www.misp.software/galaxy.html

Deploying Microsoft Advanced Threat Analytics  

https://zh.scribd.com/document/340534777/Deploying-Microsoft-Advanced-Threat-Analytics-ATA-tuto-de-A-a-Z

Arbitrary File Reading in Next.js < 2.4.1  

https://raz0r.name/vulnerabilities/arbitrary-file-reading-in-next-js-2-4-1/

WAF Bypass at PHDays VII: Results and Answers  

http://blog.ptsecurity.com/2017/06/waf-bypass-at-phdays-vii-results-and.html

A book-in-progress about the linux kernel and its insides.  

https://0xax.gitbooks.io/linux-insides/content/

LazyDroid: bash script to facilitate some aspects of an Android application assessment  

https://github.com/nccgroup/LazyDroid

Phone number exposure for riders/drivers given email/uuid in Uber  

https://hackerone.com/reports/225243

New version of MWI using CVE-2017-0199 to load an HTA for payload delivery/execution and reports about the system  

https://www.proofpoint.com/us/threat-insight/post/microsoft-windows-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target

PowerLessShell: Rely on MSBuild.exe to remotely execute PowerShell scripts/cmds without spawning powershell.exe  

https://github.com/Mr-Un1k0d3r/PowerLessShell

#APT# #Phishing analysis# PowerPoint File Downloads Malware When You Hover a Link, No Macros Required:

https://www.bleepingcomputer.com/news/security/powerpoint-file-downloads-malware-when-you-hover-a-link-no-macros-required/ This one is interesting.

httpstat: curl statistics made simple  

https://github.com/reorx/httpstat

MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output.  

https://github.com/mitre/multiscanner

Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads  

https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html

Announcing Google Capture the Flag 2017  

https://security.googleblog.com/2017/06/announcing-google-capture-flag-2017.html?m=1

Google CTF seems to have started.

Blackhat 2017 #Security Tool Collection:

Android, iOS and Mobile Hacking
Android Tamer
Link: Android Tamer · GitHub
DiffDroid
Link: GitHub - antojoseph/diff-droid: Various Scripts fo...
Kwetza
Link: GitHub - sensepost/kwetza: Python script to inject...
Needle
Link: GitHub - mwrlabs/needle: The iOS Security Testing ...
NoPE Proxy (Non-HTTP Proxy Extension)
Link: GitHub - summitt/Burp-Non-HTTP-Extension: Non-HTTP...

Code Assessment
Puma Scan
Link: GitHub - pumasecurity/puma-scan: Puma Scan is the ...
Tintorera: Source Code Intelligence (Code not yet uploaded)
Link: GitHub - vulnex/Tintorera: Source Code Intelligenc...

Cryptography
Hashview
Link: GitHub - hashview/hashview: A web front-end for pa...
Gibber Sense
Link: GitHub - smxlabs/gibbersense: Extract Sense out of...

Data Forensics and Incident Response
PcapDB: Optimized Full Network Packet Capture for Fast and Efficient Retrieval
Link: GitHub - dirtbags/pcapdb: A Distributed, Search-Op...
SCOT (Sandia Cyber Omni Tracker) Threat Intelligence and Incident Response Management System
Link: GitHub - sandialabs/scot: Sandia Cyber Omni Tracke...
Security Monkey
Link: GitHub - Netflix/security_monkey: Security Monkey
ThreatResponse: An Open Source Toolkit for Automating Incident Response in AWS
Link: ThreatResponse · GitHub
Yalda — Automated Bulk Intelligence Collection (Code not yet uploaded)
Link: gitaziabari/Yalda · GitHub

Exploitation and Ethical Hacking
AVET — AntiVirus Evasion Tool
Link: GitHub - govolution/avet: AntiVirus Evasion Tool
GDB Enhanced Features (GEF)
Link: GitHub - hugsy/gef: Multi-Architecture GDB Enhance...
Leviathan Framework
Link: GitHub - leviathan-framework/leviathan: wide range...
MailSniper
Link: GitHub - dafthack/MailSniper: MailSniper is a pene...
Seth
Link: GitHub - SySS-Research/Seth: Perform a MitM attack...

Hardware/Embedded
ChipWhisperer
Link: GitHub - newaetech/chipwhisperer: ChipWhisperer - ...
DYODE, a DIY, Low-Cost Data Diode for ICS
Link: GitHub - arnaudsoullie/dyode: A low-cost data diod...
FTW: Framework for Testing WAFs
Link: GitHub - fastly/ftw: Framework for Testing WAFs (F...
The Bicho: An Advanced Car Backdoor Maker
Link: GitHub - UnaPibaGeek/CBM: Car Backdoor Maker - by ...

Internet of Things
Hacker Mode
Link: GitHub - xssninja/Alexa-Hacker-Mode: Node JS code ...
Universal Radio Hacker: Investigate Wireless Protocols Like a Boss
Link: GitHub - jopohl/urh: Universal Radio Hacker: inves...

Malware Defense
Aktaion v2 — Open Source Machine Learning and Active Defense Tool
Link: GitHub - jzadeh/Aktaion
Cuckoo Sandbox
Link: GitHub - cuckoosandbox/cuckoo: Cuckoo Sandbox is a...
LimaCharlie
Link: GitHub - refractionPOINT/limacharlie: Endpoint mon...
Malboxes
Link: GitHub - GoSecure/malboxes: Builds malware analysi...

Network Attacks
BloodHound 1.3
Link: GitHub - BloodHoundAD/BloodHound: Six Degrees of D...
CrackMapExec v4
Link: GitHub - byt3bl33d3r/CrackMapExec: A swiss army kn...
DELTA: SDN Security Evaluation Framework
Link: GitHub - OpenNetworkingFoundation/DELTA: PROJECT D...
eaphammer
Link: GitHub - s0lst1c3/eaphammer: Targeted evil twin at...
gr-lora: An Open-Source SDR Implementation of the LoRa PHY
Link: GitHub - BastilleResearch/gr-lora: GNU Radio OOT m...
Yasuo
Link: GitHub - 0xsauby/yasuo: A ruby script that scans f...

Network Defense
Assimilator
Link: GitHub - videlanicolas/assimilator: Automatic fire...
Noddos
Link: GitHub - noddos/noddos: Noddos client
SITCH: Distributed, Coordinated GSM Counter-Surveillance
Link: GitHub - sitch-io/sensor: Sensor software
Sweet Security
Link: GitHub - TravisFSmith/SweetSecurity: Create a defe...

OSINT — Open Source Intelligence
Datasploit — Automated Open Source Intelligence (OSINT) Tool
Link: GitHub - DataSploit/datasploit: A tool to perform ...
Dradis: 10 Years Helping Security Teams Spend More Time Testing and Less Time Reporting
Link: GitHub - dradis/dradis-ce: Dradis Framework: Colll...
OSRFramework: Open Sources Research Framework
Link: GitHub - i3visio/osrframework: OSRFramework, the O...

Reverse Engineering
BinGrep
Link: GitHub - m4b/bingrep: like grep, but for binaries

Vulnerability Assessment
Aardvark and Repokid
Link: GitHub - square/Aardvark: Aardvark is a library th...
SERPI

Title:

Deploying Microsoft Advanced Threat Analytics  

Link:

https://zh.scribd.com/document/340534777/Deploying-Microsoft-Advanced-Threat-Analytics-ATA-tuto-de-A-a-Z

Comment:

Deploying Microsoft Advanced Threat Analytics: ATA is a threat analytics system provided by Microsoft; at its core it protects in four steps:
1. Deep packet inspection of network traffic
2. Self-learning of users, devices and resources, and building a security graph
3. Once the organization's security graph has been built, detecting abnormal behavior in real time
4. Alerting
The Chinese-language installation guide can also be consulted:
https://docs.microsoft.com/zh-cn/advanced-threat-analytics/deploy-use/ata-silent-installation

Thanks for your hard work, Xiao Tuanzi  
Thank you

Tech discussion QQ group: 397745473
Source: https://xianzhi.aliyun.com/forum/read/1670.html?fpage=2
