安全资讯
[事件] 有黑客正拍卖一个包含9200万巴西公民详细信息的数据库
https://nosec.org/home/detail/3018.html
[新闻] Facebook、Twitter涉嫌违反欧盟GDPR 或面临数十亿美元罚款
https://nosec.org/home/detail/3021.html
安全技术
[Web安全] SRC漏洞挖掘实用技巧
https://mp.weixin.qq.com/s/g-vlNmn4uQKUnBKZ7LMJvA
[Web安全] 红蓝对抗——加密Webshell“冰蝎”攻防
https://mp.weixin.qq.com/s/o6aUI-sk0A7fSDMTinoMNg
[漏洞分析] 泛微E-cology OA系统SQL注入漏洞
https://nosec.org/home/detail/3030.html
[Web安全] Web安全Day8 – XXE实战攻防
https://xz.aliyun.com/t/6502
[Web安全] Hacking Windows 备忘录
https://xz.aliyun.com/t/6498
[工具] Cobalt Strike – 使用其他方式抓取密码/dump hash
https://github.com/Ch1ngg/AggressorScript-RunDumpHash
[漏洞分析] D-Link路由器曝出RCE漏洞,牵涉多个型号
https://nosec.org/home/detail/3020.html
[漏洞分析] CVE-2019-1315:基于错误报告机制的Windows提权漏洞
https://nosec.org/home/detail/3027.html
[漏洞分析] ThinkPHP5.1.X反序列化利用链
https://xz.aliyun.com/t/6467
[杂志] SecWiki周刊(第292期)
https://www.sec-wiki.com/weekly/292
[其它] 美国政府持续深入开展爱因斯坦项目以提升网络威胁感知能力(2019)
https://www.sec-un.org/%e7%be%8e%e5%9b%bd%e6%94%bf%e5%ba%9c%e6%8c%81%e7%bb%ad%e6%b7%b1%e5%85%a5%e5%bc%80%e5%b1%95%e7%88%b1%e5%9b%a0%e6%96%af%e5%9d%a6%e9%a1%b9%e7%9b%ae%e4%bb%a5%e6%8f%90%e5%8d%87%e7%bd%91%e7%bb%9c%e5%a8%81/
[运维安全] 资产十问
https://www.sec-un.org/%e8%b5%84%e4%ba%a7%e5%8d%81%e9%97%ae/
[比赛] “北极星杯”AWD线上赛复盘
https://xz.aliyun.com/t/6477
[Web安全] php反序列化靶机实战
https://mp.weixin.qq.com/s/2bkCRZf6_An2fWEdXbHxrg
[取证分析] 基于mitmproxy的被动扫描代理
https://www.freebuf.com/articles/web/216301.html
[设备安全] 一小时完成上位机SCADA
http://jzgkchina.com/node/1273
[漏洞分析] vBulletin再修复高危RCE和SQL注入漏洞
https://nosec.org/home/detail/3022.html
[Web安全] 协议层的攻击—HTTP请求走私
https://paper.seebug.org/1048/
[事件] TeamViewer疑似被入侵事件分析
https://nosec.org/home/detail/3038.html
[取证分析] 从Exchange服务器上搜索和导出邮件
https://www.4hou.com/technology/20718.html
[Web安全] 以攻擊者的角度制定防禦策略
https://devco.re/blog/2019/10/09/def-strategy/
[取证分析] 一文看懂ATT&CK框架以及使用场景实例
https://www.anquanke.com/post/id/187998
[恶意分析] ISCX-IDS-2012 intrusion detection evaluation dataset
https://www.unb.ca/cic/datasets/ids.html
[漏洞分析] How a double-free bug in WhatsApp turns to RCE
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
[Web安全] SharpSniper利用分析
https://3gstudent.github.io/3gstudent.github.io/SharpSniper%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/
[恶意分析] Repository of YARA rules made by McAfee ATR Team
https://github.com/advanced-threat-research/Yara-Rules
[漏洞分析] PDF调试技巧剖析
https://www.anquanke.com/post/id/188138
[漏洞分析] HackMD Stored XSS and HackMD Desktop RCE
https://5alt.me/2019/10/HackMD%20Stored%20XSS%20and%20HackMD%20Desktop%20RCE/
[无线安全] 侧信道攻击,从喊666到入门之—错误注入攻击白盒
https://www.anquanke.com/post/id/188340
[漏洞分析] The Art of WebKit Exploitation
http://blog.umangis.me/the-art-of-webkit-exploitation/
[Web安全] CatchMail: 收集邮箱的工具
https://github.com/0Kee-Team/CatchMail
[漏洞分析] CVE-2019-17059:Cyberoam SSL VPN的RCE漏洞
https://nosec.org/home/detail/3034.html
[取证分析] ATT&CK一般性学习笔记
https://mp.weixin.qq.com/s/qfthyNQ3E_TruEbREcIJzg
[其它] 浅析DARPA的运作机制
https://mp.weixin.qq.com/s/T5EqLfqSCU8JRp6Ez4vdpg
[文档] PENTESTING-BIBLE
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
[设备安全] 工控安全入门(五)—— plc逆向初探
https://www.anquanke.com/post/id/187792
[漏洞分析] 在PWN题中绕过lea esp以及关于Ret2dl的一些补充
https://www.anquanke.com/post/id/187875
[漏洞分析] [CVE-2019-9535] Iterm2命令执行的不完整复现
https://mp.weixin.qq.com/s/4KcpS4eNGQ8bL6DTM4K0aQ
[恶意分析] Revoke-Obfuscation: PowerShell Obfuscation Detection Framework
https://github.com/danielbohannon/Revoke-Obfuscation
[Web安全] Venom – A Multi-hop Proxy for Penetration Testers
https://github.com/Dliv3/Venom
-----微信ID:SecWiki----- SecWiki,5年来一直专注安全技术资讯分析! SecWiki:https://www.sec-wiki.com
本期原文地址: SecWiki周刊(第293期)
来源:freebuf.com 2019-10-14 08:36:42 by: SecWiki
请登录后发表评论
注册