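Keywords for this issue: attack-defense exercises, penetration testing experience, Windows intranet penetration, CAPTCHA vulnerabilities, subdomain monitoring, Linux privilege escalation, Docker security, hardware analysis, graph convolutional neural networks, NLP techniques, hybrid P2P networks, differential replay techniques, smart device security, etc.
2020/06/29-2020/07/05
Security Technology
[Malware Analysis] Global Advanced Persistent Threat (APT) 2020 Mid-Year Report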
https://ti.qianxin.com/uploads/2020/06/29/e4663b4f11f01e5ec8a1a5d91a71dc72.pdf
[Vulnerability Analysis] Automating DLL Hijack Discovery
https://posts.specterops.io/automating-dll-hijack-discovery-81c4295904b0
[Vulnerability Analysis] Netgear R6700v3 LAN RCE write-up and exploit
https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/tokyo_drift/tokyo_drift.md
[Vulnerability Analysis] Laravel 5.7 Deserialization Vulnerability (CVE-2019-9081 + 2020 第五空间 (Fifth Space) challenge write-up)
http://zeroyu.xyz/2020/06/28/Laravel-5-7%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E-CVE-2019-9081-2020%E7%AC%AC%E4%BA%94%E7%A9%BA%E9%97%B4%E9%A2%98%E8%A7%A3/
[Operations Security] FDEU-CVE-2019-10222
https://full-disclosure.eu/reports/2019/FDEU-CVE-2019-10222-telia-savitarna-backdoor.html
[Operations Security] Detect lateral movement with Azure Sentinel
https://zolder.io/2020/07/01/using-a-firewall-and-sentinel-to-detect-lateral-movement/?a=q
[Vulnerability Analysis] Exploiting an Envoy heap vulnerability
https://blog.envoyproxy.io/exploiting-an-envoy-heap-vulnerability-96173d41792
[Vulnerability Analysis] Some DOS bugs while processing Microsoft LNK files
https://ezqelusia.blogspot.com/2020/06/some-dos-bugs-while-processing.html
[Mobile Security] Android App Source code Extraction and Bypassing Root and SSL Pinning checks
https://vj0shii.info/android-app-testing-initial-steps/
[Web Security] Taking over Azure DevOps Accounts with 1 Click
https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/?v=2
[Web Security] SSRF on Zimbra Led to Dump All Credentials in Clear Text
https://medium.com/bugbountywriteup/story-of-a-2-5k-bounty-ssrf-on-zimbra-led-to-dump-all-credentials-in-clear-text-6fe826005ccc
[Operations Security] Hunting for anomalous sessions in your data with Azure Sentinel
https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-for-anomalous-sessions-in-your-data-with-azure-sentinel/ba-p/1492490
[Vulnerability Analysis] Breaking Windows KASLR by Leaking KVA Shadow Mappings
https://labs.bluefrostsecurity.de/blog/2020/06/30/meltdown-reloaded-breaking-windows-kaslr/
[Vulnerability Analysis] ZombieVPN, Breaking That Internet Security
https://0xsha.io/posts/zombievpn-breaking-that-internet-security
-----WeChat ID: SecWiki-----
SecWiki: focused on security technology news and analysis for 8 years!
SecWiki: https://www.sec-wiki.com
Original address of this issue: SecWiki Weekly (Issue 331)
Source: freebuf.com 2020-07-06 15:32:28 by: SecWiki