12月6日每日安全热点 - 公开渠道收集由RedDrip7分类的IOC

2019-12-06 10:15:45 360安全客安全资讯 72378 4

恶意软件 Malware

从公共资源收集并由RedDrip7进行分类的IOC

https://github.com/RedDrip7/APT_Digital_Weapon

安全研究 Security Research

BlackHat eu 2019:一种新的java反序列化攻击技术

https://i.blackhat.com/eu-19/Thursday/eu-19-Zhang-New-Exploit-Technique-In-Java-Deserialization-Attack.pdf

BlackHat eu 2019:java RMI及CORBA协议的新利用面

https://i.blackhat.com/eu-19/Wednesday/eu-19-An-Far-Sides-Of-Java-Remote-Protocols.pdf

BlackHat eu 2019:非接触式支付中的漏洞

http://i.blackhat.com/eu-19/Wednesday/eu-19-Galloway-First-Contact-Vulnerabilities-In-Contactless-Payments-2.pdf

BlackHat eu 2019:将iOS内核引导到QEMU上进行交互式Bash Shell

https://i.blackhat.com/eu-19/Wednesday/eu-19-Afek-Booting-The-iOS-Kernel-To-An-Interactive-Bash-Shell-On-QEMU.pdf

Java 中 RMI、JNDI、LDAP、JRMP、JMX、JMS那些事儿（上）

https://paper.seebug.org/1091/

BlackHat eu 2019:高级VBA宏攻击和防御

https://i.blackhat.com/eu-19/Wednesday/eu-19-Lagadec-Advanced-VBA-Macros-Attack-And-Defence-2.pdf

使用XPATH注入获得非法数据访问

https://medium.com/swlh/hacking-xml-data-a64c870b0988

Argus Hacking 比赛上，有团队分享的内核级漏洞 – ldt x86 Bug 的 Paper

http://www.lsd-pl.net/kernelvuln.pdf

CVE-2019-7609：kibanaRCE

https://github.com/hekadan/CVE-2019-7609

（完）