[SECHebdo] 13 janvier 2021

Nous venons de tourner un nouveau SECHebdo en live sur Youtube. Comme d’habitude, si vous avez raté l’enregistrement, vous pouvez le retrouver sur notre chaîne Youtube (vidéo ci-dessus) ou bien au format podcast audio: Au sommaire de cette émission : Todo (00:01:30) Notre discord : http://discord.comptoirsecu.fr A bientôt pour d’autres émissions/podcasts! Liste des sources : Article sur Typo3 & Laravel Typo3: leak to Remote code execution. | Synacktiv Laravel <= v8.4.2 debug mode: Remote code execution Outils redir web, BloodHound custom queries, et MindMaps 1u.ms SecurityTips/MindMaps at master · hackerscrolls/SecurityTips · GitHub GitHub - hausec/Bloodhound-Custom-Queries: Custom Query list for the Bloodhound GUI based off my cheatsheet Le vaccin vu par un Reverseur Reverse Engineering the source code of the BioNTech/Pfizer SARS-CoV-2 Vaccine - Articles Administration, la fin des red forests Enhanced Security Admin Environment (ESAE) architecture mainstream retirement | Microsoft Docs Rapidly modernize your security infrastructure | Microsoft Docs SolarWinds Highly Evasive Attacker Leverages SolarWinds Supply Chain to CompromiseMultiple Global Victims With SUNBURST Backdoor | FireEye Inc SUNBURST Additional Technical Details | FireEye Inc Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers - Microsoft Security Solorigate Resource Center – updated December 31st, 2020 – Microsoft Security Response Center Sunburst backdoor – code overlaps with Kazuar | Securelist SUNSPOT Malware: A Technical Analysis | CrowdStrike New Findings From Our Investigation of SUNBURST - Orange Matter Patch Tuesday Microsoft Patch Tuesday by Morphus Labs