SecWiki周刊（第287期） – 作者:SecWiki

安全资讯

[法规]  关于印发加强工业互联网安全工作的指导意见的通知

http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057729/c7281215/content.html

安全技术

[运维安全]  端口渗透

https://bloodzer0.github.io/ossa/red_vs_blue/port/

[Web安全]  教你如何搭建威胁情报库

https://blog.csdn.net/weixin_45134156/article/details/99822070

[Web安全]  SDL最初实践-安全设计

https://mp.weixin.qq.com/s/fr_txtLPrAL1yDIyq6uiJg

[会议]  KCon 2019 议题 PPT 公开

https://paper.seebug.org/1023/

[漏洞分析]  Pulse Secure SSL VPN任意文件读取

https://nosec.org/home/detail/2904.html

[恶意分析]  APT检测设备的扩展研究

https://mp.weixin.qq.com/s/skgrUPBZ4X5L3IpL_x4oUQ

[杂志]  SecWiki周刊（第286期)

https://www.sec-wiki.com/weekly/286

[其它]  腾讯安全：2019上半年企业安全总结

https://paper.seebug.org/1021/

[Web安全]  由外到内入侵渗透的点面线问题

https://blog.donot.me/pentest-theory/

[编程技术]  快速翻译awvs的漏洞库内容

http://0cx.cc/translate_vuln_with_awvs.jspx

[Web安全]  Spying on HTTPS

https://textslashplain.com/2019/08/11/spying-on-https/

[运维安全]  osctrl: Fast and efficient osquery management

https://github.com/jmpsec/osctrl

[漏洞分析]  CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU

https://unit42.paloaltonetworks.com/exploitation-of-windows-cve-2019-0708-bluekeep-three-ways-to-write-data-into-the-kernel-with-rdp-pdu/

[Web安全]  域渗透-获取NTDS.dit

https://uknowsec.cn/posts/notes/%E5%9F%9F%E6%B8%97%E9%80%8F-%E8%8E%B7%E5%8F%96NTDS.dit.html

[漏洞分析]  USB Fuzzing技术总结

https://www.anquanke.com/post/id/184954

[Web安全]  RASP Agent技术划水

https://mp.weixin.qq.com/s/qzsKoiv1pR5To4kwnNQR8w

[运维安全]  Blade：企业安全研究团队建设运营思考

https://security.tencent.com/index.php/blog/msg/136

[漏洞分析]  JSC Exploits

https://googleprojectzero.blogspot.com/2019/08/jsc-exploits.html

[Web安全]  RCE as root on Marathon-Mesos instance

https://omespino.com/write-up-private-bug-bounty-usd-rce-as-root-on-marathon-instance/

[移动安全]  In-the-wild iOS Exploit Chain 1

https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-1.html

[漏洞分析]  华为路由器 H532G 漏洞分析

https://xz.aliyun.com/t/6116

[数据挖掘]  基于访问日志的异常请求检测

https://xz.aliyun.com/t/6117

[Web安全]  Multiple WordPress Plugins SQL Injection Vulnerabilities

https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html

[移动安全]  In-the-wild iOS Exploit Chain 5

https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-5.html

[设备安全]  TP Link SR20 ACE漏洞分析

https://xz.aliyun.com/t/6073

[移动安全]  In-the-wild iOS Exploit Chain 4

https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-4.html

[漏洞分析]  拦截Android Flutter应用程序流量的研究

https://xz.aliyun.com/t/6149

[移动安全]  In-the-wild iOS Exploit Chain 2

https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-2.html

[移动安全]  In-the-wild iOS Exploit Chain 3

https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-3.html

[设备安全]  固件修改及编译记录

https://xz.aliyun.com/t/6053

-----微信ID：SecWiki-----
SecWiki，8年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

来源：freebuf.com 2019-09-02 11:51:23 by: SecWiki