安全资讯
[观点] 网络安全“圣地”之行
https://mp.weixin.qq.com/s/xxU0R5eVcP_42VVd2DQeXQ
安全技术
[编程技术] 教会微信:突破文件发送100M限制
https://mp.weixin.qq.com/s/WfYJDY9OymRTigwn6u7IGw
[漏洞分析] Fortigate SSL VPN任意文件读取(可直接登录VPN)
https://nosec.org/home/detail/2867.html
[Web安全] 网络与信息安全领域专项赛WP
http://zeroyu.xyz/2019/08/16/2019-8-15-writeup/
[Web安全] JNDI远程代码执行漏洞详解
https://zerothoughts.tumblr.com/post/137769010389/fun-with-jndi-remote-code-injection
[数据挖掘] DNS攻防皮毛(一)
https://mp.weixin.qq.com/s/qnhIalmIu1bz7D6828wldg
[Web安全] Exchange渗透测试总结
https://www.anquanke.com/post/id/184342
[漏洞分析] WebLogic安全研究报告
https://mp.weixin.qq.com/s/qxkV_7MZVhUYYq5QGcwCtQ
[取证分析] SysmonHunter:一个简单的基于ATT&CK的Sysmon日志狩猎工具
https://github.com/baronpan/SysmonHunter
[漏洞分析] CVE-2019-0193:Apache Solr远程执行代码漏洞预警
https://nosec.org/home/detail/2850.html
[Web安全] IoT固件逆向入门
http://zeroyu.xyz/2019/08/15/How_to_start_IoT_Reverse/index.html
[Web安全] HTML注入:利用HTML标签绕过CSP
https://nosec.org/home/detail/2860.html
[漏洞分析] CVE-2018-4259: MacOS NFS vulnerabilties lead to kernel RCE
https://blog.semmle.com/cve-2018-4259-macos-nfs-vulnerability/
[漏洞分析] 如何攻击Fortigate SSL VPN
https://nosec.org/home/detail/2862.html
[Web安全] Three (And A Half) Vulns For The Price of One!
https://tactifail.wordpress.com/2019/07/26/three-vulns-for-the-price-of-one/
[Web安全] Simple & Interactive SSRF tutorial
[工具] RouterOS Post Exploitation
https://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790
[设备安全] KNOB Attack
[比赛] 网络与信息安全领域专赛-WriteUp
https://mp.weixin.qq.com/s/1-F5smfdwLUSdit5gP2mYA
[漏洞分析] butthax: lovense hush buttplug exploit chain
https://github.com/smealum/butthax
[工具] AggressorScript-UploadAndRunFrp
https://github.com/Ch1ngg/AggressorScript-UploadAndRunFrp
[取证分析] IOC Explorer:自动化关联失陷指标的工具
https://github.com/lion-gu/ioc-explorer
[Web安全] Meteor Blind NoSQL Injection
https://medium.com/rangeforce/meteor-blind-nosql-injection-29211775cd01
[漏洞分析] Several DoS conditions in certain HTTP/2 implementations
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
[工具] GetWindowsKernelExploitsKB(获取系统KB补丁对于的MS号)
https://www.ch1ng.com/blog/189.html
[漏洞分析] Privilege Escalation in Cloud Foundry UAA
https://www.twistlock.com/labs-blog/privilege-escalation-in-cloud-foundry-uaa-cve-2019-11270/
[文档] Microsoft Vulnerability Severity Classification for Windows
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2A3xt
[工具] How to Build Your Own Penetration Testing Dropbox Using a Raspberry Pi 4
[比赛] CTF工业信息安全大赛实践与分析
https://www.freebuf.com/articles/ics-articles/210687.html
[恶意分析] 基于机器学习的jsp/jspx webshell检测
[恶意分析] Building a custom malware sandbox with PANDA
https://adalogics.com/blog/Building-a-custom-malware-sandbox-with-PANDA-Part-1
[漏洞分析] Comodo Antivirus – Sandbox Race Condition Use-After-Free (CVE-2019-14694)
http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html
[恶意分析] Threat hunting using DNS firewalls and data enrichment
https://blog.redteam.pl/2019/08/threat-hunting-dns-firewall.html
[工具] goop: Google Search Scraper
https://github.com/s0md3v/goop
[Web安全] Exploiting Out Of Band XXE using internal network and php wrappers
https://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
[漏洞分析] 拟态防御系列问题分析
[Web安全] SELECT code_execution FROM * USING SQLite;
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
[恶意分析] The state of advanced code injections
https://adalogics.com/blog/the-state-of-advanced-code-injections
[Web安全] Mautic Remote Code Execution
https://github.com/MegadodoPublications/exploits/blob/master/mautic.md
[恶意分析] Responding to Firefox 0-days in the wild
https://blog.coinbase.com/responding-to-firefox-0-days-in-the-wild-d9c85a57f15b
[Web安全] Clickjacking DOM XSS on Google.org
https://appio.dev/vulns/clickjacking-xss-on-google-org/
[恶意分析] Reversing an Oppo ozip encryption key from encrypted firmware
https://bkerler.github.io/reversing/2019/04/24/the-game-begins/
[设备安全] Monitoring the State of Internet Routing Security
[工具] fuzzowski: the Network Protocol Fuzzer that we will want to use.
https://github.com/nccgroup/fuzzowski
[比赛] Defcon 27游记
https://n0b0dycn.me/2019/08/defcon27/
[Web安全] JNDI Injection using Getter Based Deserialization Gadgets
[移动安全] Intercepting traffic from Android Flutter applications
https://blog.nviso.be/2019/08/13/intercepting-traffic-from-android-flutter-applications/
[恶意分析] Dr.Semu – Malware Detection and Classification Tool Based on Dynamic Behavior
https://github.com/secrary/DrSemu
[工具] Generating Personalized Wordlists with NLP For Password Guessing Attacks
https://utkusen.com/blog/generating-personalized-wordlists.html
[其它] Code Execution via Fiber Local Storage
http://hatriot.github.io/blog/2019/08/12/code-execution-via-fiber-local-storage/
[移动安全] Debugging Cordova Applications
https://www.appknox.com/security/debugging-cordova-applications
[其它] Simple Anti-RE Trick
https://secrary.com/Random/anti_re_simple/
[Web安全] Subdomain takeover – Chapter two: Azure Services
https://blog.cystack.net/subdomain-takeover-chapter-two-azure-services/
[Web安全] solr-injection: Apache Solr Injection Research
https://github.com/artsploit/solr-injection
[漏洞分析] Static Analysis at Scale: An Instagram Story
https://instagram-engineering.com/static-analysis-at-scale-an-instagram-story-8f498ab71a0c
[运维安全] How To Attack Kerberos 101
https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
[比赛] DEF CON CTF 27 Final 游记
http://iromise.com/2019/08/14/DEF-CON-CTF-27-Final/
[Web安全] 从SOAR中求解应用安全建设强运营突围之法
https://mp.weixin.qq.com/s/sedpOhSxEGSdaxX8SACIMA
[Web安全] Offensive Lateral Movement
https://hausec.com/2019/08/12/offensive-lateral-movement/
-----微信ID:SecWiki----- SecWiki,8年来一直专注安全技术资讯分析! SecWiki:https://www.sec-wiki.com
本期原文地址: SecWiki周刊(第285期)
来源:freebuf.com 2019-08-19 14:15:27 by: SecWiki
请登录后发表评论
注册