安全资讯
[新闻] 远不止FBI和CIA——美国情报机构红宝书
https://mp.weixin.qq.com/s/AUwNbrUuiE7DldWeK9QcOA
[法规] 关于《网络安全审查办法(征求意见稿)》公开征求意见
http://www.cac.gov.cn/2019-05/24/c_1124532846.htm
[观点] 网络安全行业不会一家独大
https://mp.weixin.qq.com/s/pyJYZZqrdiVjjtCdRaxkOw
安全技术
[运维安全] 应急响应实战笔记
https://github.com/Bypass007/Emergency-Response-Notes
[Web安全] 鱼叉攻击-尝试
https://payloads.online/archivers/2019-05-21/1?from=timeline
[漏洞分析] CVE-2019-0708 Technical Analysis (RDP-RCE)
https://wazehell.io/2019/05/22/cve-2019-0708-technical-analysis-rdp-rce/
[Web安全] 蚁剑绕WAF进化图鉴
https://mp.weixin.qq.com/s/u8_d8MXvFuwOyIMZZMBsog
[Web安全] 域渗透——普通用户权限获得DNS记录
[工具] Acunetix Vulnerability Scanner现可进行网络安全扫描
https://nosec.org/home/detail/2651.html
[Web安全] 无需括号和分号的XSS
https://nosec.org/home/detail/2654.html
[其它] CTF中常见编码、代码混淆及加解密
https://mp.weixin.qq.com/s/-19rmEhN7T_VQJKYZntHCQ
[工具] 分布式web漏洞扫描平台WDScanner v1.1版本发布
https://mp.weixin.qq.com/s/ZbahHqET6ePysrqUFgeNYA
[Web安全] 从后渗透分析应急响应的那些事儿(二)免杀初识篇
https://mp.weixin.qq.com/s/BBnbrDQ2EcXbz5AZF6PY8g
[Web安全] 如何将XSS漏洞从中危提升到严重
https://nosec.org/home/detail/2661.html
[其它] RCTF 2019 Web Writeup
[数据挖掘] 异常检测的N种方法
https://mp.weixin.qq.com/s/w7SbAHxZsmHqFtTG8ZAXNg
[其它] 我生命中最昂贵的经历:SIM卡移植攻击
https://nosec.org/home/detail/2662.html
[工具] Pymetasploit3:使用Python3实现Metasploit自动化
https://nosec.org/home/detail/2663.html
[数据挖掘] 深度学习算法地图
https://mp.weixin.qq.com/s/fRBdRo8eI1N_bUqh7k7I3A
[比赛] 第一届HDCTF Write up
https://www.anquanke.com/post/id/178909
[设备安全] 智能摄像头安全分析及案例参考
https://mp.weixin.qq.com/s/LS125u6qFxUoXm2CwnPepw
[漏洞分析] Microsoft Edge Renderer Exploitation (CVE-2019-0940). Part 1
[移动安全] APP漏洞利用组合拳——应用克隆案例分析
http://blog.nsfocus.net/app-vulnerability-exploitation-combination-boxing/
[漏洞分析] APT28分析之CVE-2015-1641样本分析
[工具] CVE-2019-0803: Win32k Elevation of Privilege Poc
https://github.com/ExpLife0011/CVE-2019-0803
[Web安全] 西部数码MyCloud NAS命令执行漏洞
https://nosec.org/home/detail/2664.html
[漏洞分析] CVE-2019-8506 JavaScriptCore exploit
http://lordofpwn.kr/index.php/writeup/cve-2019-8506-javascriptcore-exploit/
[工具] Sojobo – Yet another binary analysis framework
https://antonioparata.blogspot.com/2019/05/sojobo-yet-another-binary-analysis.html
[Web安全] jQuery 安全模型解释
https://www.cnblogs.com/aichenxy/p/7207319.html
[Web安全] 从Zend虚拟机分析PHP加密扩展
https://blog.zsxsoft.com/post/40
[比赛] 国赛-bbvvmm-SM4逆向分析,虚拟机指令分析
[Web安全] SonarQube踩坑记
https://bloodzer0.github.io/ossa/application-security/code-audit/sonarqube-error/
[工具] CheckVM-Sandbox
https://github.com/sharepub/CheckVM-Sandbox
[漏洞分析] iOS/OSX Content Filter Kernel UAF Analysis + POC
https://blog.zecops.com/vulnerabilities/analysis-and-poc-of-content-filter-kernel-use-after-free/
[漏洞分析] Hacking Facebook the Hard Way
https://www.symbo1.com/articles/2019/05/21/hacking-facebook-the-hard-way.html
[其它] Awesome-Cellular-Hacking
https://github.com/W00t3k/Awesome-Cellular-Hacking
[移动安全] 【移动安全】移动应用安全基础篇——破掉iOS加密数据
https://mp.weixin.qq.com/s/e2DQ18txynHqwplCROsoEA
[恶意分析] Injecting shellcode into x64 ELF binaries
https://www.matteomalvica.com/blog/2019/05/18/elf-injection/
[Web安全] XSS without parentheses and semi-colons
https://portswigger.net/blog/xss-without-parentheses-and-semi-colons
[漏洞分析] Reverse Engineering the iClicker Base Station
https://blog.ammaraskar.com/iclicker-reverse-engineering/
[漏洞分析] Stealing Downloads from Slack Users
https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63
[恶意分析] Using the Exception Directory to find GetProcAddress
https://modexp.wordpress.com/2019/05/19/shellcode-getprocaddress/
[恶意分析] Reversing Golang Binaries: Part-1
https://medium.com/@nishanmaharjan17/reversing-golang-binaries-part-1-c273b2ca5333
[漏洞分析] ESCAPING THE CHROME SANDBOX WITH A WIN32K NDAY
https://blog.exodusintel.com/2019/05/17/windows-within-windows/
[工具] Even more secret Telegrams
https://medium.com/@labunskya/secret-telegrams-bdd2035b6e84
[漏洞分析] 2000day in Safari
https://speakerdeck.com/bo0om/2000day-in-safari
[Web安全] XSSed my way to 1000$
https://gauravnarwani.com/xssed-my-way-to-1000/
[漏洞分析] Getting Into Browser Exploitation
https://liveoverflow.com/getting-into-browser-exploitation-new-series-introduction-browser-0x00/
[Web安全] Is MIME Sniffing XSS a real thing?
https://www.komodosec.com/post/mime-sniffing-xss
[工具] An extremely insecure Ethereum cryptowallet
https://gitlab.com/badbounty/dvcw
[Web安全] WD My Cloud RCE
https://bnbdr.github.io/posts/wd/
[其它] Details of SIM port hack
[恶意分析] Reversing Golang Binaries: Part-2
https://medium.com/@nishanmaharjan17/reversing-golang-binaries-part-2-26f522264d01
[移动安全] Calling iOS Native Functions from Python Using Frida and RPC
[Web安全] LFI ON PRODUCTION SERVERS in “springboard.google.com” – $13,337USD
[取证分析] yurita: Anomaly detection framework @ PayPal
https://github.com/paypal/yurita
[数据挖掘] 智能威胁分析之图数据构建
https://mp.weixin.qq.com/s/15Avw3KTnmGIftxYhK34mQ
[运维安全] AWS Security Incident Response Guide
https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf
[恶意分析] A Curious Case of Malwarebytes
https://0x00sec.org/t/a-curious-case-of-malwarebytes/13746
[恶意分析] Incident response at your fingertips with Microsoft Defender ATP live response
[漏洞分析] Linux Privilege Escalation via LXD & Hijacked UNIX Socket Credentials
https://shenaniganslabs.io/2019/05/21/LXD-LPE.html
[恶意分析] The Tier of Threat Actors – Cheatsheet
https://itblogr.com/tier-of-threat-actors-cheatsheet/
[漏洞分析] Fun With Custom URI Schemes
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
[数据挖掘] DataCon 2019: 1st place solution of malicious DNS traffic & DGA analysis
[恶意分析] How to Create a Malware Detection System With Machine Learning
[数据挖掘] Detecting Patterns with Unsupervised Learning
https://medium.com/code-gin/detecting-patterns-with-unsupervised-learning-88ba737d4f34
[Web安全] Make Redirection Evil Again: URL Parser Issues in OAuth
https://www.tttang.com/archive/1290/
-----微信ID:SecWiki----- SecWiki,5年来一直专注安全技术资讯分析! SecWiki:https://www.sec-wiki.com
本期原文地址: SecWiki周刊(第273期)
来源:freebuf.com 2019-05-27 17:46:27 by: SecWiki
请登录后发表评论
注册