The Heimdal Security team captured a new worm sample, BlueDoom, with a honeypot.
BlueDoom bundles almost the entire set of leaked NSA attack tools.
After compromising a victim machine, BlueDoom does not drop a ransomware payload.
We will be watching how this attack develops.
Unlike WannaCry, this worm does not have a “kill switch”. It, however, includes an arsenal of NSA leaked exploits: Architouch, Doublepulsar, EternalBlue, Eternalchampion, Eternalromance, Eternalsynergy, Smbtouch.
Architouch.inconfig
Doublepulsar.inconfig
Eternalblue.inconfig
Eternalchampion.inconfig
Eternalromance.inconfig
Eternalsynergy.inconfig
Smbtouchv.inconfig
https://heimdalsecurity.com/blog/bluedoom-worm-eternablue-nsa-exploits/?utm_content=buffera78a0&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
The Adylkuzz sample spreads the same way WannaCry does,
but its goal is cryptocurrency mining.
https://securingtomorrow.mcafee.com/mcafee-labs/adylkuzz-coinminer-spreading-like-wannacry/
wannakey - brute-force searches memory for the RSA key used by the WannaCry ransomware; with that key, files encrypted by WannaCry can be decrypted and restored.
The author states that the tool only works on Windows XP, and that even there success depends on luck.
The tool relies on the fact that after WannaCry calls the crypto API, the memory holding the RSA private key is freed without being wiped first.
https://github.com/aguinet/wannakey
Tips:
This Firefox button attribute might be usable to bypass a WAF: <button onauxclick=alert(1)>Right-Click Me</button>
https://twitter.com/0x6d6172696f/status/865092205182152705
ELF Hello World Tutorial
An introductory tutorial on the ELF file format
http://www.cirosantilli.com/elf-hello-world/
WinDbg, Debugger Objects (the dx command) and the debugger's JavaScript extensions
WinDbg, Debugger Objects, and JavaScript! Oh, My!
https://www.osr.com/blog/2017/05/18/windbg-debugger-objects-javascript-oh/
Related background material:
dx command:
https://msdn.microsoft.com/en-us/library/windows/hardware/dn936815(v=vs.85).aspx
Writing LINQ queries in WinDbg
https://blogs.msdn.microsoft.com/windbg/2016/10/03/writing-linq-queries-in-windbg/
JavaScript Debugger Example Scripts
https://msdn.microsoft.com/en-us/library/windows/hardware/mt790252(v=vs.85).aspx
Native Debugger Objects in JavaScript Extensions
https://msdn.microsoft.com/en-us/library/windows/hardware/mt790254(v=vs.85).aspx
Defrag Tools #170 – Debugger – JavaScript Scripting
https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-170-Debugger-JavaScript-Scripting
ScriptBlock logging in PowerShell 5.0 can record every line of PowerShell code that is executed,
and anti-virus software can use those logs to detect malicious code.
The post below attempts to bypass this feature by disabling the logging.
https://cobbr.io/ScriptBlock-Logging-Bypass.html
Security tools and resources
Acunetix Web Vulnerability Scanner 11.x Service Provider License KeyGen By Hmily[LCG]
http://pan.baidu.com/s/1c1JoyBm password: hyue
From www.52pojie.cn
aria2: a lightweight, multi-protocol, cross-platform command-line download tool
Supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink
https://github.com/aria2/aria2
Vulnerabilities:
A critical Improper Authentication vulnerability in Uber allowed password reset for any account
Details of the Uber arbitrary-account password reset vulnerability
https://securingtomorrow.mcafee.com/mcafee-labs/adylkuzz-coinminer-spreading-like-wannacry/
DanderSpritz framework
The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1
https://research.kudelskisecurity.com/2017/05/18/the-equation-groups-post-exploitation-tools-danderspritz-and-more-part-1/
CVE-2017-8422/8849: PLASMA PULSAR - root exploit for a logic flaw in KAuth (KDE4/KDE5)
https://github.com/stealth/plasmapulsar
CVE-2017-0263: analysis of the win32k!xxxDestroyWindow use-after-free privilege-escalation vulnerability
http://blog.ptsecurity.com/2017/05/a-closer-look-at-cve-2017-0263.html