SecWiki周刊(第290期) – 作者:SecWiki

安全技术

[Web安全]  利用js文件进行渗透

https://mp.weixin.qq.com/s/G6qdRQ3BPKrjHY5ucUiG2w

[Web安全]  CVE-2019-10392 Jenkins 2k19认证远程RCE

https://misakikata.github.io/2019/09/CVE-2019-10392-Jenkins-2k19%E8%AE%A4%E8%AF%81%E8%BF%9C%E7%A8%8BRCE/

[取证分析]  钓鱼邮件的投递和伪造

https://xz.aliyun.com/t/6325

[杂志]  SecWiki周刊(第289期)

https://www.sec-wiki.com/weekly/289

[Web安全]  内网渗透之端口转发、映射、代理

https://xz.aliyun.com/t/6349

[Web安全]  LuWu: 红队基础设施自动化部署工具

https://github.com/QAX-A-Team/LuWu

[取证分析]  反间谍软件之旅(一)

https://www.anquanke.com/post/id/186489

[其它]  SUCTF-WriteUp(上)

https://mp.weixin.qq.com/s/bgWwPPjFsiviFxMgNxjUIg

[工具]  vulnerable-sso: vulnerable single sign on

https://github.com/dogangcr/vulnerable-sso

[取证分析]  大型互联网企业威胁情报运营与实践思考

https://www.anquanke.com/post/id/187069

[Web安全]  攻击Scrapyd爬虫

https://www.leavesongs.com/OTHERLAN/attack-scrapy.html

[恶意分析]  Malware Classification with ‘Graph Hash,’ Applied to the Orca Cyberespionage Cam

https://blog.trendmicro.com/trendlabs-security-intelligence/malware-classification-with-graph-hash-applied-to-the-orca-cyberespionage-campaign/

[其它]  beyond-good-ol-run-key-part-114(AutoPlay利用)

http://www.hexacorn.com/blog/2019/09/07/beyond-good-ol-run-key-part-114/

[恶意分析]  purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-n

https://blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/

[工具]  pdlist: A passive subdomain finder

https://github.com/gnebbia/pdlist

[其它]  SUCTF-WriteUp(下)

https://mp.weixin.qq.com/s/NtOgVw0uFXndJ7b1-G-0iw

[其它]  Decentralizing DNS to Improve the Security of the Internet

https://www.namebase.io/blog/meet-handshake-decentralizing-dns-to-improve-the-security-of-the-internet/

[工具]  Bloodhound Cypher Cheatsheet

https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/

[Web安全]  Server Side Template Injection – on the example of Pebble

https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/

-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第290期)

footer.png

来源:freebuf.com 2019-09-23 20:08:31 by: SecWiki

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享
评论 抢沙发

请登录后发表评论