SecWiki Weekly (Issue 274) – Author: SecWiki

Security News

[Regulations]  Measures for Data Security Management (Draft for Comment)

http://www.cac.gov.cn/2019-05/28/c_1124546022.htm

Security Technology

[Web Security]  Review and Summary of a Live Attack-Defense Exercise

https://mp.weixin.qq.com/s/sfUQnFBlkRKf4uRDIVkG5Q

[Vulnerability Analysis]  Apache Tomcat Remote Code Execution (CVE-2019-0232): Brief Vulnerability Analysis and Reproduction

https://mp.weixin.qq.com/s/dhry2nxTyN4C0BUeBvOdZQ

[Other]  Account Security

https://bloodzer0.github.io/ossa/business/account/

[Operations Security]  Container Security Tools

https://bloodzer0.github.io/ossa/infrastructure-security/container/tools/

[Web Security]  Product Security Design Checklist

https://bloodzer0.github.io/ossa/other-security-branch/security-operation/pst/

[Vulnerability Analysis]  Analysis of CVE-2019-0708 (BlueKeep)

https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html

[Malware Analysis]  Decryption-Tools: A Collection of Ransomware Decryption Tools

https://github.com/jiansiting/Decryption-Tools

[Other]  netstat Source Code Debugging & Principle Analysis

https://blog.spoock.com/2019/05/26/netstat-learn/

[Data Mining]  datacon Competition Track 3: Attack Source and Attacker Analysis Writeup

https://github.com/ReAbout/datacon

[Competition]  2019 Qiangwang Cup Online Web Writeup

https://tttang.com/archive/1301/

[Other]  Summary of Steganography in CTF

https://mp.weixin.qq.com/s/tAMqC8NpgkXDGAgZHtLd7A

[Operations Security]  Building Container Security

https://bloodzer0.github.io/ossa/infrastructure-security/container/

[Mobile Security]  A Brief Analysis of "Opening an Image in WeChat Reboots an iPhone"

http://www.h4ck.org.cn/2019/05/%e4%b8%80%e5%bc%a0%e5%9b%be%e7%89%87%e5%9c%a8%e5%be%ae%e4%bf%a1%e4%b8%ad%e7%82%b9%e5%bc%80%e8%ae%a9%e8%8b%b9%e6%9e%9c%e6%89%8b%e6%9c%ba%e9%87%8d%e5%90%af-%e7%9a%84%e7%ae%80%e5%8d%95%e5%88%86%e6%9e%90/

[Web Security]  Using the Java Debug Wire Protocol (JDWP) to Obtain a Reverse Shell

https://paper.seebug.org/933/

[Vulnerability Analysis]  A Debugging Primer with CVE-2019–0708

https://medium.com/@straightblast426/a-debugging-primer-with-cve-2019-0708-ccfa266682f6

[Web Security]  Chaining Vulnerabilities in a CMS to Getshell

https://xz.aliyun.com/t/5277

[Web Security]  Permanent WMIC Event Subscription – Persistence (Part 3)

https://rcoil.me/2019/05/%E6%B0%B8%E4%B9%85%E6%80%A7%20WMIC%20%E4%BA%8B%E4%BB%B6%E8%AE%A2%E9%98%85%20-%20%E6%9D%83%E9%99%90%E7%BB%B4%E6%8C%81%EF%BC%88%E4%B8%89%EF%BC%89/

[Forensic Analysis]  Approaches to Industrial Control System Security Protection in the Defense Industry

https://mp.weixin.qq.com/s/AVRYyob-bQdRRQ8i15SK3w

[Data Mining]  When Security Meets NLP

http://4o4notfound.org/index.php/archives/190/

[Vulnerability Analysis]  Analysis of CVE-2018-12067 and Similar Vulnerabilities, with Related Reflections

https://xz.aliyun.com/t/5248

[Vulnerability Analysis]  Attribution is hard — at least for Dock: A Safari sandbox escape & LPE

https://phoenhex.re/2019-05-26/attribution-is-hard-at-least-for-dock

[Mobile Security]  iOS App Decryption: From Getting Started to Giving Up

https://mp.weixin.qq.com/s/BnYglYcsC-X43pgHfpDXgg

[Forensic Analysis]  Incident Response Handling Process: Windows Edition

https://www.freebuf.com/articles/network/203494.html

[Forensic Analysis]  Learn to Master QR Codes with Me

https://www.freebuf.com/geek/204516.html

[Web Security]  Microsoft Office – Persistence (Part 1)

https://rcoil.me/2019/05/Microsoft%20Office%20-%20%E6%9D%83%E9%99%90%E7%BB%B4%E6%8C%81%EF%BC%88%E4%B8%80%EF%BC%89/

[Competition]  CTFTraining: CTF Training Environments for Reproducing Classic Challenges

https://github.com/CTFTraining/CTFTraining

[Vulnerability Analysis]  netstat Source Code Debugging & Principle Analysis

https://paper.seebug.org/934/

[Vulnerability Analysis]  InfluxDB authentication bypass 0day

https://www.komodosec.com/post/when-all-else-fails-find-a-0-day

[Competition]  ISCC2019 Partial Writeup

https://www.anquanke.com/post/id/179216

[Malware Analysis]  Threat Hunting with Jupyter Notebooks— Part 1: Your First Notebook

https://posts.specterops.io/threat-hunting-with-jupyter-notebooks-part-1-your-first-notebook-9a99a781fde7?gi=6e2ca22b44b7

[Competition]  MIMIC Defense CTF 2019 final writeup

https://paper.seebug.org/932/

[Web Security]  Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS

https://anotherhackerblog.com/exploiting-file-uploads-pt1/

[Other]  Sending and Receiving Encrypted Email with Gpg4Win + Outlook Express

https://www.cnblogs.com/Lyckerr/p/8624076.html

[Vulnerability Analysis]  Breaking Out of rkt – 3 New Unpatched CVEs

https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/

[Malware Analysis]  nansh0u-campaign-hackers-arsenal-grows-stronger

https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

[Malware Analysis]  HiddenWasp Malware Stings Targeted Linux Systems

https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/

[Forensic Analysis]  Diving into the Security Analyst’s Mind

https://posts.specterops.io/diving-into-the-security-analysts-mind-b1708668e8d4

-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news and analysis for 5 years!
SecWiki: https://www.sec-wiki.com

Original address of this issue: SecWiki Weekly (Issue 274)

Source: freebuf.com 2019-06-03 17:32:42 by: SecWiki