12月31日每日安全热点 - 通过MITER ATT＆CK发现APT攻击

2020-12-31 09:30:13 360安全客安全资讯 8456 4

漏洞 Vulnerability

深信服SSL VPN注入漏洞通告

https://cert.360.cn/warning/detail?id=22786213eb59260733dae25d1677ce57

安全工具 Security Tools

Lilly：通过检索Favicon哈希值，使用被动侦察来找到CDN / WAF背后的真实IP

https://github.com/Dheerajmadhukar/Lilly

Wynis：审核Windows安全的最佳实战

https://github.com/Sneakysecdoggo/Wynis

vulmap：Web漏洞扫描和验证工具

https://github.com/zhzyker/vulmap

CVEHeatMap：使用CalPlot的CVE热图

https://github.com/jgamblin/CVEHeatMap

安全报告 Security Report

通过MITER ATT＆CK发现APT攻击

https://documents.trendmicro.com/assets/white_papers/wp-finding-APTX-attributing-attacks-via-MITRE-TTPs.pdf

安全资讯 Security Information

了解网络欺骗

https://www.pandasecurity.com/en/mediacenter/panda-security/what-is-spoofing/

安全研究 Security Research

使用QEMU-USER在X86上运行ARM二进制程序

https://azeria-labs.com/arm-on-x86-qemu-user/

价值600美元的HTML注入

https://medium.com/bugbountywriteup/a-html-injection-worth-600-dollars-5f065be0ab49

Windows横向移动第2部分– DCOM

https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-2-dcom/

测试您的红队基础架构

https://www.mdsec.co.uk/2020/02/testing-your-redteam-infrastructure/

（完）