Internet Explorer デベãƒãƒƒãƒ‘ー センターThe new Microsoft Edge is here and now available to download on all supported versions of Windows, macOS, iOS and Android.
Announcing the all new Attack Surface Analyzer 2.0
Few of us know what is really happening on our systems when we install new software from new or untrusted sources. This is important because most installation processes require elevated privileges, which can lead to undesired system configuration changes. Knowing what changes have been made is vital to maintaining the security of your system, data, and networks. Identifying those changes can be ch
Internet Explorerã§ã‚¼ãƒãƒ‡ã‚¤è„†å¼±æ€§ãŒç™ºè¦‹ã•ã‚Œã‚‹ã€PC上ã®ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ç›—ã¾ã‚Œã‚‹å¯èƒ½æ€§
by mynetx ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç ”ç©¶è€…ãŒMicrosoft製ã®ã‚¦ã‚§ãƒ–ブラウザã§ã‚ã‚‹Internet Explorer(IE)ã«ã‚¼ãƒãƒ‡ã‚¤è„†å¼±æ€§ãŒå˜åœ¨ã™ã‚‹ã“ã¨ã‚’発見ã—ã¾ã—ãŸã€‚ã“ã®è„†å¼±æ€§ã‚’利用ã™ã‚Œã°ã€ãƒãƒƒã‚«ãƒ¼ãŒWindowsæ載PCã‹ã‚‰ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ç›—ã¿å‡ºã™ã“ã¨ãŒå¯èƒ½ã«ãªã‚‹ã¨ã®ã“ã¨ã§ã™ã€‚ hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt Internet Explorer zero-day lets hackers
éš ã•ã‚ŒãŸï¼ˆè¦‹ãˆãªã„)デスクトップã«æ½œã‚€è„…å¨ã¨ãã®ä»•çµ„ã¿
普段我々ãŒWindows PCã‚’æ“作ã™ã‚‹ã¨ãã«å¿…ãšç›®ã«ã™ã‚‹é ˜åŸŸã€ã„ã‚ゆるã€ãƒ•ã‚¡ã‚¤ãƒ«ã‚„フォルダã®ã‚¢ã‚¤ã‚³ãƒ³ãŒä¸¦ã‚“ã§ã„る「デスクトップã€ã¨ã„ã†é ˜åŸŸãŒã‚ã‚Šã¾ã™ã€‚ 実ã¯ãã®ãƒ‡ã‚¹ã‚¯ãƒˆãƒƒãƒ—ã®è£å´ã«ã€é€šå¸¸ã§ã¯è¦‹ã‚‹ã“ã¨ã®ã§ããªã„ã€Œéš ã•ã‚ŒãŸãƒ‡ã‚¹ã‚¯ãƒˆãƒƒãƒ—ã€ãŒå˜åœ¨ã—悪用ã•ã‚Œã¦ã„ã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚本記事ã§ã¯ã€ãã®è„…å¨ã¨ä»•çµ„ã¿ã‚’掘り下ã’ã¦è§£èª¬ã—ã¾ã™ã€‚ çµè«–ã‹ã‚‰è¿°ã¹ã‚‹ã¨ã€Windows OSã§ã¯é€šå¸¸ã®ãƒ‡ã‚¹ã‚¯ãƒˆãƒƒãƒ—(â€Defaultâ€ã¨ã„ã†å称ã®ãƒ‡ã‚¹ã‚¯ãƒˆãƒƒãƒ—)ã®ä»–ã«æ–°ãŸãªåˆ¥ã®ãƒ‡ã‚¹ã‚¯ãƒˆãƒƒãƒ—ã‚’ä»»æ„ã«ä½œæˆã™ã‚‹ã“ã¨ãŒã§ãる仕組ã¿ãŒå˜åœ¨ã—ã¾ã™ã€‚ãŸã ã—ã€ä¸€èˆ¬ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒç°¡å˜ã«ä½œæˆã§ãるよã†ãªæ–¹æ³•ã‚„手段ã¯ç”¨æ„ã•ã‚Œã¦ã„ã¾ã›ã‚“。ã‚ãã¾ã§ãƒ—ãƒã‚°ãƒ©ãƒ ã‹ã‚‰ãƒ‡ã‚¹ã‚¯ãƒˆãƒƒãƒ—ã‚’æ–°ãŸã«ä½œæˆã™ã‚‹ã‚³ãƒ¼ãƒ‰ï¼ˆWin32API)を呼ã³å‡ºã—ã¦æ˜Žç¤ºçš„ã«ä½œæˆã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ ãã—ã¦ã€ã“ã®ä»•çµ„ã¿ã‚’利用ã—ã¦ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«ã¯è¦‹ã‚‹ã“ã¨ã®ã§ããªã„éš ã•ã‚ŒãŸãƒ‡ã‚¹ã‚¯ãƒˆãƒƒãƒ—を作æˆã—悪用
Pass-the-Hashã®ä»•çµ„ã¿ - Binary Pulsar
æ¦‚è¦ è¿‘å¹´ã€Active Directoryã§æ§‹ç¯‰ã•ã‚ŒãŸãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚’侵害ã™ã‚‹ä¸Šã§ã€ã‚‚ã£ã¨ã‚‚悪用ã•ã‚Œã¦ã„る手法ã®ä¸€ã¤ã¯Pass-the-Hashã¨è¨€ãˆã‚‹ã§ã—ょã†ã€‚組織ã®Active Directoryドメインã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã¸ã®ä¾µå…¥ã«æˆåŠŸã—ãŸæ”»æ’ƒè€…ã¯ã€Pass-the-Hashã®æ‰‹æ³•ã‚’用ã„ã‚‹ã“ã¨ã§ã€å–å¾—ã«æˆåŠŸã—ãŸãƒ‘スワードãƒãƒƒã‚·ãƒ¥å€¤ã‚’平文ã«å¾©å·ã™ã‚‹ã“ã¨ãªãèªè¨¼ã™ã‚‹ã“ã¨ãŒå¯èƒ½ã¨ãªã‚Šã¾ã™ã€‚本記事ã§ã¯ã€Pass-the-Hashã®ä»•çµ„ã¿ã‚’解説ã™ã‚‹ã“ã¨ã§ã€èªè€…ãŒãã®æ‰‹æ³•ã‚’ç†è§£ã§ãるよã†ã«ã™ã‚‹ã“ã¨ã‚’目標ã¨ã—ã¦ã„ã¾ã™ã€‚ パスワードãƒãƒƒã‚·ãƒ¥å€¤ Windows OSã«ãŠã„ã¦ãƒ‘スワードãƒãƒƒã‚·ãƒ¥å€¤ã¯ã€ãƒ¦ãƒ¼ã‚¶ã®ãƒ‘スワードを安全ã«ä¿å˜ã™ã‚‹ã®ã¿ã§ã¯ãªãã€ä¸»ã«ã‚µãƒ¼ãƒã‚„クライアントホストã¸ã®èªè¨¼ã«ç”¨ã„られã¾ã™ã€‚Pass-the-Hashã¨ã„ã†æ‰‹æ³•ã¯ã€Windows OSãŒãƒ‘スワードãƒãƒƒã‚·ãƒ¥å€¤ã‚’用ã„ã¦èªè¨¼ã‚’実施ã™ã‚‹éŽç¨‹ã‚’悪
é”法ã®æ‹¡å¼µå(.SettingContent-ms)
SettingContent-msを悪用ã—ãŸæ”»æ’ƒãŒå®Ÿéš›ã«å‡ºã¦ã„ã¾ã™ã€‚ ã“ã®è³‡æ–™ã¯ã€2018å¹´06月29æ—¥ã«LAC社内会è°ã§ç™ºè¡¨ã—ãŸè³‡æ–™ã«ãªã‚Šã¾ã™ã€‚ æ—¢ã«ã€è©³ç´°ã¯æ—¥æœ¬èªžã«ãªã£ã¦å…¬é–‹ã•ã‚Œã¦ã„ã¾ã™ã®ã§ã€ã“ã¡ã‚‰ã§ã‚‚公開ã—ã¾ã™ã€‚ -
Windowsã®ã‚¤ãƒ™ãƒ³ãƒˆãƒã‚°ï¼ˆSecurity)を見る① ~Microsoft Message Analyzerã®ã‚¹ã‚¹ãƒ¡ï½ž - サイãƒãƒ¼ã‚»ã‚ュリティã¯ã˜ã‚ã¾ã—ãŸ
先日ã€ã«ã‚ƒã‚“☆ãŸãã•ã‚“(@taku888infinity)ã®ãƒ–ãƒã‚°ã§Windowsイベントãƒã‚°ã®è¦‹æ–¹ã«ã¤ã„ã¦è¨˜è¼‰ãŒã‚ã‚Šã¾ã—ãŸã€‚ mkt-eva.hateblo.jp ç§ã‚‚ãŸã¾ã«Windowsã®ã‚¤ãƒ™ãƒ³ãƒˆãƒã‚°ã‚’見るã“ã¨ãŒã‚ã‚Šã¾ã™ãŒã€ã€Œã‚¤ãƒ™ãƒ³ãƒˆãƒã‚°ã®è¦‹æ–¹ã€ã«ã¤ã„ã¦ç´¹ä»‹ã•ã‚Œã¦ã„るサイトãŒéžå¸¸ã«å°‘ãªã„ãŸã‚ã€ã¨ã¦ã‚‚助ã‹ã‚Šã¾ã—ãŸã€‚ ã§ã€ç§ã‚‚公開ã—ã¦ãŠã„ãŸã»ã†ãŒã€èª°ã‹ã—らã®å½¹ã«ç«‹ã¤ã®ã§ã¯ãªã„ã‹ã¨è¨€ã†ã“ã¨ã§ã€è¨˜äº‹ã«ã—ã¦ã¿ã‚‹ã“ã¨ã«ã—ã¾ã—ãŸã€‚ Microsoft Message Analyzerã®ã‚¹ã‚¹ãƒ¡ Microsoft Message Analyzerã¨ã¯ Microsoft Message Analyzerã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ« Microsoft Message Analyzerã§ã§ãã‚‹ã“㨠ã¾ã¨ã‚ Microsoft Message Analyzerã®ã‚¹ã‚¹ãƒ¡ 「イベントãƒã‚°ã‚’見るã€ã¨èžãã¨ã€Windowsã«æœ€
)
Sysinternals ã®ãƒ„ールを使用ã—㦠Stuxnet ã®æ„ŸæŸ“状æ³ã‚’分æžã™ã‚‹ - 第 1 部
状æ³ã‚’把æ¡ã—ã¦ã„ãŸã‚ã‘ã§ã¯ã‚ã‚Šã¾ã›ã‚“ã§ã—ãŸãŒã€2010 å¹´ 7 月 5 æ—¥ã«ã€ã‚るプãƒã‚°ãƒ©ãƒžãƒ¼ã‹ã‚‰é€ã‚‰ã‚Œã¦ããŸãƒ¡ãƒ¼ãƒ«ã«æ·»ä»˜ã•ã‚Œã€ãƒ«ãƒ¼ãƒˆã‚ットã¨ã—ã¦èªè˜ã•ã‚ŒãŸãƒ‰ãƒ©ã‚¤ãƒãƒ¼ ファイル (Mrxnet.sys) ã‚’å—ã‘å–ã£ãŸã¨ãã«åˆã‚㦠Stuxnet ã®å˜åœ¨ã‚’知りã¾ã—ãŸã€‚ルートã‚ットã®æ©Ÿèƒ½ã‚’実装ã—ãŸãƒ‰ãƒ©ã‚¤ãƒãƒ¼ã¯çã—ãã‚ã‚Šã¾ã›ã‚“ãŒã€ã“ã®ãƒ‰ãƒ©ã‚¤ãƒãƒ¼ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³æƒ…å ±ã«ã¯ã€ã“ã‚ŒãŒãƒžã‚¤ã‚¯ãƒã‚½ãƒ•ãƒˆè£½ã®ãƒ‰ãƒ©ã‚¤ãƒãƒ¼ã§ã‚ã‚‹ã¨è¡¨ç¤ºã•ã‚Œã€åˆæ³•çš„ãªã‚³ãƒ³ãƒ”ューター コンãƒãƒ¼ãƒãƒ³ãƒˆãƒ¡ãƒ¼ã‚«ãƒ¼ã§ã‚るリアルテック セミコンダクターãŒç™ºè¡Œã—ãŸæœ‰åŠ¹ãªãƒ‡ã‚¸ã‚¿ãƒ«ç½²åãŒãªã•ã‚Œã¦ã„ãŸã¨ã„ã†ç‚¹ãŒçã—ãã€ç§ã®ç›®ã«ç•™ã¾ã‚Šã¾ã—㟠(Malware Protection Center ãƒãƒ¼ã‚¿ãƒ«ã‚’使用ã™ã‚‹ã®ãŒã€ãƒžã‚¤ã‚¯ãƒã‚½ãƒ•ãƒˆã«ãƒžãƒ«ã‚¦ã‚§ã‚¢ã‚’å ±å‘Šã™ã‚‹å…¬å¼ãªæ–¹æ³•ã§ã™ãŒã€ã“ã®ãƒ—ãƒã‚°ãƒ©ãƒžãƒ¼ãŒã€ç§ã«ãƒ«ãƒ¼ãƒˆã‚ット ドライãƒãƒ¼ã‚’委ãã¦ãã‚ŒãŸã“ã¨ã«æ„Ÿè¬ã—ã¾ã™)。 ç§ã¯ã€
ã¨ã‚る親父ã®ä¾µå…¥å®Ÿé¨“ã€Bad-PDFを使ã£ã¦ã¿ãŸã€‘ - ã†ã•ãƒ–ãƒ
2018å¹´ã®GWå‰åŠã«ã€ŒBad-PDFã€ã¨ã„ã†ãƒ„ールãŒå…¬é–‹ã•ã‚Œã¦ã„ãŸã®ã§ã€ã©ã‚“ãªã‚‚ã®ã‹è©¦ã—ã«ä½¿ã£ã¦ã¿ãŸã€‚事ã®ç™ºç«¯ã¯ã€4月29æ—¥ã®ã“ã®ãƒ„イート https://t.co/FZxefN5l64 Bad-PDF - Steal NTLM hashes using Malicious PDF file, It uses recently disclosed PDF vulnerability by Checkpoint to create malicious PDF document. @KitPloit @TheHackersNews #Badpdf — DeepZec (@DeepZec) 2018å¹´4月29æ—¥ 最近公開ã•ã‚ŒãŸè„†å¼±æ€§ã‚’利用ã—ã¦NTLMãƒãƒƒã‚·ãƒ¥ã‚’ç›—ã¿å‡ºã™æ‚ªæ„ã®ã‚ã‚‹PDFファイルを作れるよã†ã®ã“ã¨ã‚’言ã£ã¦ã‚‹ã€‚実際ã«ã©ã‚“ãªã‚‚ã®ã‹æ¤œè¨¼ã—ãŸã€‚ ã“ã“ã§å–り上ã’る検証ç‰ã‚’実施ã™ã‚‹éš›ã¯ã€å…¨ã¦è‡ª
How to reset a Windows password with Linux
If you (or someone you know) ever forget your Windows password, you'll be glad to know about chntpw, a neat Linux utility that you can use to reset a Windows password. For this how-to, I created a Windows virtual machine and set the password to pass123 on my user account, Archit-PC. I also created a Live USB with Fedora 27 using the Fedora Media Writer application.
ã¨ã‚る親父ã®ä¾µå…¥å®Ÿé¨“ã€MS17-010ã®æ´»ç”¨ã€‘ - ã†ã•ãƒ–ãƒ
今更ãªã‚“ã ã‘ã©æœ€è¿‘話題ã®WannaCryptãŒåˆ©ç”¨ã—ã¦ã„ã‚‹ã“ã¨ã§ãŠé¦´æŸ“ã¿ã®è„†å¼±æ€§ã€ŒMS17-010ã€ã‚’利用ã—ãŸæ”»æ’ƒã¨ã„ã†ã‚‚ã®ã‚’検証ã—ã¦ã¿ãŸã„ã¨æ€ã†ã€‚ itpro.nikkeibp.co.jp 本脆弱性ã«é–¢ã™ã‚‹ç´°ã‹ã„ã“ã¨ã¯ä»¥ä¸‹ã®ãƒªãƒ³ã‚¯ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 マイクãƒã‚½ãƒ•ãƒˆ ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£æƒ…å ± MS17-010 - 緊急 今回ã¯ã€ã“ã®å‹•ç”»ã‚’å‚考ã«ã—ã¦ã„ã¾ã™ã€‚ Ms17 010 eternalblue 準備ã—ãŸã‚‚ã® MacBook Pro 環境(仮想環境) Kali Linux(192.168.1.100) Windows 7 (192.168.1.150) 1 環境構築 ã“ã®å‹•ç”»ã«ã‚ˆã‚‹ã¨ã€ã¾ãšã€wineをインストールã™ã‚‹ã€‚ root@kl-01rbt:~# apt-get update root@kl-01rbt:~# apt-get install wine32 我ãŒå®¶ã®ç’°å¢ƒã§ã¯ã€æ—¢ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼
Exploiting Electron RCE in Exodus wallet | HackerNoon
While browsing Twitter I’ve noticed ElectronJS remote code execution vulnerability in protocol handler. That sounds severe. As stated in official description, for application to be vulnerable is enough to register itself as default handler for some protocol. I had one application based on Electron installed on my laptop that I was looking into some time ago — Exodus cryptocurrencies wallet. I knew
Protocol Handler Vulnerability Fix | Electron
A remote code execution vulnerability has been discovered affecting Electron apps that use custom protocol handlers. This vulnerability has been assigned the CVE identifier CVE-2018-1000006. Affected Platforms​ Electron apps designed to run on Windows that register themselves as the default handler for a protocol, like myapp://, are vulnerable. Such apps can be affected regardless of how the proto
ランã‚ング
ランã‚ング
ãŠçŸ¥ã‚‰ã›
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
Hunting for Privilege Escalation in Windows Environment
GitHub - palantir/windows-event-forwarding: A repository for using windows event forwarding for incident detection and response
[301] Mac上ãªã©ã®ä»®æƒ³ç’°å¢ƒã§IEã‚„Edgeãªã©ã®Windowsブラウザを動ã‹ã™æ–¹æ³• 2021年版 - Qiita![[301] Mac上ãªã©ã®ä»®æƒ³ç’°å¢ƒã§IEã‚„Edgeãªã©ã®Windowsブラウザを動ã‹ã™æ–¹æ³• 2021年版 - Qiita](https://cdn-ak-scissors.b.st-hatena.com/image/square/17eaf94119ed14e8707a13f050f5510a1e55fbb0/backend=imagemagick;height=288;version=1;width=512/https%3A%2F%2Fqiita-user-contents.imgix.net%2Fhttps%253A%252F%252Fcdn.qiita.com%252Fassets%252Fpublic%252Farticle-ogp-background-412672c5f0600ab9a64263b751f1bc81.png%3Fixlib%3Drb-4.0.0%26w%3D1200%26mark64%3DaHR0cHM6Ly9xaWl0YS11c2VyLWNvbnRlbnRzLmltZ2l4Lm5ldC9-dGV4dD9peGxpYj1yYi00LjAuMCZ3PTk3MiZoPTM3OCZ0eHQ9JTVCMzAxJTVEJTIwTWFjJUU0JUI4JThBJUUzJTgxJUFBJUUzJTgxJUE5JUUzJTgxJUFFJUU0JUJCJUFFJUU2JTgzJUIzJUU3JTkyJUIwJUU1JUEyJTgzJUUzJTgxJUE3SUUlRTMlODIlODRFZGdlJUUzJTgxJUFBJUUzJTgxJUE5JUUzJTgxJUFFV2luZG93cyVFMyU4MyU5NiVFMyU4MyVBOSVFMyU4MiVBNiVFMyU4MiVCNiVFMyU4MiU5MiVFNSU4QiU5NSVFMyU4MSU4QiVFMyU4MSU5OSVFNiU5NiVCOSVFNiVCMyU5NSUyMDIwMjElRTUlQjklQjQlRTclODklODgmdHh0LWFsaWduPWxlZnQlMkN0b3AmdHh0LWNvbG9yPSUyMzFFMjEyMSZ0eHQtZm9udD1IaXJhZ2lubyUyMFNhbnMlMjBXNiZ0eHQtc2l6ZT01NiZzPTJhNTQzYTUwMGVkZjNmNTgyYTk4YThhZjU0ZmI3ODU4%26mark-x%3D142%26mark-y%3D57%26blend64%3DaHR0cHM6Ly9xaWl0YS11c2VyLWNvbnRlbnRzLmltZ2l4Lm5ldC9-dGV4dD9peGxpYj1yYi00LjAuMCZoPTc2Jnc9NzcwJnR4dD0lNDBzdHVkaW8xNSZ0eHQtY29sb3I9JTIzMUUyMTIxJnR4dC1mb250PUhpcmFnaW5vJTIwU2FucyUyMFc2JnR4dC1zaXplPTM2JnR4dC1hbGlnbj1sZWZ0JTJDdG9wJnM9Y2NkNDVhMzY2NjIzOWQ1ZDFlOWIyNzI5NjhmZDA4MmY%26blend-x%3D142%26blend-y%3D436%26blend-mode%3Dnormal%26txt64%3DaW4gUWlpdGFkb27jg6bjg7zjgrbjg7zkvJo%26txt-width%3D770%26txt-clip%3Dend%252Cellipsis%26txt-color%3D%25231E2121%26txt-font%3DHiragino%2520Sans%2520W6%26txt-size%3D36%26txt-x%3D156%26txt-y%3D536%26s%3Dedde7678db0e178950997e2b5cbabeb5)
Amazon.co.jp: Windows Security Monitoring: Scenarios and Patterns: Miroshnikov, Andrei: 本
Amazon.co.jp: インサイドWindows 第7版 上 システムアーã‚テクãƒãƒ£ã€ãƒ—ãƒã‚»ã‚¹ã€ã‚¹ãƒ¬ãƒƒãƒ‰ã€ãƒ¡ãƒ¢ãƒªç®¡ç†ã€ä»– (マイクãƒã‚½ãƒ•ãƒˆå…¬å¼è§£èª¬æ›¸): Pavel Yosifovich (è‘—), Alex Ionescu (è‘—), Mark E. Russinovich (è‘—), David A. Solomon (è‘—), 山内和朗 (翻訳): 本
https://www.freia.jp/taka/blog/windows-native-ssh-client/index.html
PDF – NTLM Hashes
{{#tags}}- {{label}}
{{/tags}}