nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Update malware-tech_ref_and_memo.md

Browse Source
This commit is contained in:
mether049 2020-11-08 00:00:39 +09:00 committed by GitHub
parent 2fecf16e61
commit a4e9ec9a6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
malware-tech_ref_and_memo.md
View File

@ -596,6 +596,16 @@ taskkill -f -im
- [17JAN2017 - Abusing native Windows functions for shellcode execution](http://ropgadget.com/posts/abusing_win_functions.html)
- [Evasive VBA — Advanced Maldoc Techniques](https://medium.com/walmartlabs/evasive-vba-advanced-maldoc-techniques-1365e9373f80)
## Exploit
- Officeの脆弱性
- CVE-2017-11882
- 数式エディタの脆弱性
- 頻繁に利用される
- CVE-2018-0802
- 数式エディタの脆弱性
- 頻繁に利用される
# Malicious JavaScript
### Formjacking
- ref:
@ -609,6 +619,7 @@ taskkill -f -im
- 様々なShell Backdoor(PHP/ASP)<br>
[Shell Backdoor List - PHP / ASP Shell Backdoor List](https://www.kitploit.com/2020/01/shell-backdoor-list-php-asp-shell.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29)
# rootkit
## LKM rootkit
- 動的にカーネルに組み込めるモジュールであるLKM(Loadable Kernel Module)を利用してsys_call_tableの特定のカーネル関数のアドレスを任意の関数のアドレスへと書き換えることで本来とは異なるカーネル関数であるrootkitのカーネル関数等が呼び出せるようになる(システムコールフック)