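Security News
[News] FBI Seizes DeepDotWeb and Arrests Its Administrators
https://nosec.org/home/detail/2564.html
[People] Ele.me's Wang Bin: Security Is Fairness, and Achieving It Depends on Operations
https://mp.weixin.qq.com/s/3UYObnoZV_g-AZFdSoxJLg
[News] Prague 5G Security Conference: the "Prague Proposals"
https://mp.weixin.qq.com/s/sktQAoNeE-3na9lBPm9nzg
[Incident] Samsung Leaks SmartThings App Source Code and Keys
https://nosec.org/home/detail/2565.html
[News] Burger King's Online Store for Children Leaks Tens of Thousands of Customer Records
https://nosec.org/home/detail/2566.html
[News] Intelligence Command Center Joins the Ranks of Organs Directly Under the Ministry of Public Security
https://mp.weixin.qq.com/s/ULHbGTI1YosdZG23aAE4Qw
[News] Symantec Joins the US Department of Defense's Cyber Threat Intelligence Sharing Program
https://mp.weixin.qq.com/s/tHjveTuc1bi0TxmJKwMoGw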
Security Technology
[Forensics] A Brief Discussion of Common Techniques in Intrusion Tracing
https://www.freebuf.com/articles/network/202168.html
[Other] Reading the Feuds of the Cyber Underworld from Attack and Defense Logs
http://blog.nsfocus.net/looking-at-the-network-rivers-and-lakes-from-the-attack-and-defense-logs/
[Mobile Security] Android Security Mind Map
https://bbs.pediy.com/thread-251061.htm
[Mobile Security] HTTPDecrypt: Remotely Encrypting and Decrypting Packets over HTTP for an End-to-End Burp Workflow
https://github.com/lyxhh/lxhToolHTTPDecrypt
[Books] Free Chinese-Language Books on Computer Programming
https://github.com/justjavac/free-programming-books-zh_CN
[Mobile Security] EL3 Tour: Get the Ultimate Privilege of Android Phone
https://speakerdeck.com/hhj4ck/el3-tour-get-the-ultimate-privilege-of-android-phone
[Web Security] How to Compromise RMI-Based JMX Services
https://nosec.org/home/detail/2544.html
[Magazine] SecWiki Weekly (Issue 270)
https://www.sec-wiki.com/weekly/270
[Malware Analysis] Developing and Applying Proxy Honeypots in Practice
https://www.freebuf.com/articles/network/202310.html
[Malware Analysis] Traffic Detection with Suricata and ELK
https://zhuanlan.zhihu.com/p/64742715
[Ops Security] SSH Honey Keys
https://kulinacs.com/ssh-honey-keys/
[Web Security] Analysis of the XMLDecoder Parsing Flow
https://mp.weixin.qq.com/s/FupNkLOOWAabvnC3Yob_uw
[Forensics] The Rashomon Behind the Theft of 26 Million TRX
https://mp.weixin.qq.com/s/aInEaYdS9X7HP7FbzWl6AQ?from=timeline
[Ops Security] SSH Login Problems and Troubleshooting Approaches
https://www.infoq.cn/article/pqU7iMf8cHpz-RNLOslJ
[Ops Security] Third-Party Dependency Security Scanning with SonarQube + DependencyCheck
https://bloodzer0.github.io/ossa/other-security-branch/devsecops/sdc/
[Vulnerability Analysis] A Reverse-Engineering Journey Through Broadcom Wireless Chipsets
https://nosec.org/home/detail/2540.html
[Web Security] The XSS challenge that +100k people saw but only 90 solved
https://blog.intigriti.com/2019/05/06/intigriti-xss-challenge-1/
[Vulnerability Analysis] Exploring Mimikatz – Part 1
https://blog.xpnsec.com/exploring-mimikatz-part-1/
[Forensics] Watermark: A Library for Adding Watermarks to Web Pages
https://github.com/YanxinTang/Watermark
[Competition] Post-Competition Review of the 2019 Orca Cup (虎鲸杯) Digital Forensics Competition
https://www.anquanke.com/post/id/177714
[Vulnerability Analysis] Research on Browser, Mitigation, Kernel and Other Exploitation Topics
https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References
[Malware Analysis] On Quickly Dealing with Webshells in Security Testing
https://www.freebuf.com/articles/web/201421.html
[Web Security] Bypassing Web Application Firewalls with the x-up-devcap-post-charset Request Header in ASP.NET
https://nosec.org/home/detail/2556.html
[Web Security] Hack The Box – BigHead
https://0xrick.github.io/hack-the-box/bighead/
[Vulnerability Analysis] An Old Cisco OpenSSH Bug
https://medium.com/tenable-techblog/an-old-cisco-openssh-bug-342ce6679f61
[Vulnerability Analysis] Throwing 500 vm’s at your fuzzing target being an individual security researcher
https://kciredor.com/throwing-500-vms-fuzzing-target-individual-security-researcher.html
[Forensics] The Rashomon Behind the Theft of 26 Million TRX – Episode 2
https://mp.weixin.qq.com/s/9Cl6-ZmAi-U3Qi6cPVZJxQ?from=timeline
[Other] On Ensuring Service Stability
https://www.infoq.cn/article/69TYjy_v9u4FxXNUk2gK
[Data Mining] How to Get Started with Knowledge Graphs
https://zhuanlan.zhihu.com/p/65457826
[Vulnerability Analysis] How to Attack the Control Servers of the Mirai Botnet (and Its Variants)?
https://nosec.org/home/detail/2558.html
[Web Security] x-up-devcap-post-charset Header in ASP.NET to Bypass WAFs Again!
[Data Mining] Graph Algorithms for Anti-Fraud in Financial Risk Control
https://www.infoq.cn/article/C99whYfeGILp1W*M75cl
[Tools] Exploit for CVE-2019-9810 Firefox on Windows 64 bits
https://github.com/0vercl0k/CVE-2019-9810
[Ops Security] itops: A Python + Django Based AD\Exchange Management System
https://github.com/openitsystem/itops?from=timeline
[Tools] tetanus: Helper script for mangling CS payloads
https://github.com/secgroundzero/tetanus
[Malware Analysis] Unpacking Redaman Malware & Basics of Self-Injection Packers
https://liveoverflow.com/unpacking-buhtrap-malware-basics-of-self-injection-packers-ft-oalabs-2/
[Vulnerability Analysis] Command injection by setting a custom search engine
https://hackerone.com/reports/497312
[Competition] Guide to Offline Attack-Defense CTFs
http://blog.nsfocus.net/ctf-off-line-attack-defense-guidelines/
[Vulnerability Analysis] Exploiting Logic Bugs in JavaScript JIT Engines
http://phrack.org/papers/jit_exploitation.html
[Tools] Open Source SIRP with Elasticsearch and TheHive
https://arnaudloos.com/2019/open-source-sirp-overview/
[Other] "Unhackable" Biometric USB Transmits Passwords in Plaintext
https://nosec.org/home/detail/2567.html
[Malware Analysis] Malicious DLL execution using Apple’s APSDaemon.exe signed binary
https://0x00sec.org/t/malicious-dll-execution-using-apples-apsdaemon-exe-signed-binary/13409
[Vulnerability Analysis] Hijacking browser TLS traffic through Client Domain Hooking
https://blog.duszynski.eu/hijacking-browser-tls-traffic-through-client-domain-hooking/
[Malware Analysis] Using Win95 kernel32.dll exports like a virus
https://log.vexation.ca/2019/04/using-win95-kernel32dll-exports-like.html?m=1
[Vulnerability Analysis] Taking Control of VMware Through the Universal Host Controller Interface: Part 1
[Vulnerability Analysis] Looking inside the box
https://anvilventures.com/blog/looking-inside-the-box.html
[Other] Comprehensive walkthrough of the LTDH19 RE challenges
https://blog.syscall.party/post/ltdh-re-walkthrough/
[Malware Analysis] How to Reverse Malware on macOS Without Getting Infected | Part 1
https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-one/
[Malware Analysis] Finding Registry Malware Persistence with RECmd
https://digital-forensics.sans.org/blog/2019/05/07/malware-persistence-recmd/
[Web Security] My CSP Bypass Approaches and Summary
[Data Mining] ICMP Tunnel Detection Based on Statistical Analysis: Method and Implementation
https://www.freebuf.com/articles/network/202634.html
[Wireless Security] Feathering for SSIDs
https://medium.com/@elkentaro/feathering-for-ssids-bd69ad41165a
[Vulnerability Analysis] Eight Devices, One Exploit
https://medium.com/tenable-techblog/eight-devices-one-exploit-f5fc28c70a7c
[Vulnerability Analysis] write-after-free vulnerability in Firefox, Analysis and Exploitation
[Malware Analysis] Cisco Talos Reports Hard-Coded Credentials in Alpine Linux Docker Images
https://nosec.org/home/detail/2568.html
[Tools] wpbullet: A static code analysis for WordPress (and PHP)
https://github.com/webarx-security/wpbullet
[Web Security] Tale of a Wormable Twitter XSS
https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/
[Data Mining] Security Data Science Learning Resources
https://medium.com/@jason_trost/security-data-science-learning-resources-8f7586995040
[Other] From zero to tfp0 – Part 2: Walkthrough of the voucher_swap exploit
[Tools] response: Monzo’s real-time incident response and reporting tool
https://github.com/monzo/response
[Tools] Vulmap: Vulmap Online Local Vulnerability Scanners Project
https://github.com/vulmon/Vulmap
[Other] From Zero to tfp0 – Part 1: Prologue
https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-1-prologue/
[Data Mining] 2019 Data Breach Investigations Report
https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf
[Tools] Bashter: Web Crawler, Scanner, and Analyzer Framework (Shell-Script based)
https://github.com/zerobyte-id/Bashter
[Mobile Security] Android Application Diffing: CVE-2019-10875 Inspection
https://blog.quarkslab.com/android-application-diffing-cve-2019-10875-inspection.html
[Malware Analysis] Detailed Analysis of macOS Vulnerability CVE-2019-8507
[Tools] ExtAnalysis: Browser Extension Analysis Framework
https://github.com/Tuhinshubhra/ExtAnalysis
[Vulnerability Analysis] D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
[Web Security] List of Awesome Asset Discovery Resources
https://github.com/redhuntlabs/Awesome-Asset-Discovery
-----WeChat ID: SecWiki----- SecWiki has focused on security technology news and analysis for 5 years! SecWiki: https://www.sec-wiki.com
Original address of this issue: SecWiki Weekly (Issue 271)
Source: freebuf.com 2019-05-13 13:57:46 by: SecWiki