Security News
[People] Song Keya: Thoughts on Building a Penetration Testing System for Commercial Banks
https://mp.weixin.qq.com/s/xiZvVANcJF4qeG8Tce5iGw
[Forensic Analysis] Practical Application of US Open-Source Intelligence as Seen in an Indictment
https://mp.weixin.qq.com/s/DoHc7G0yyW6iyORR0zxBBg
[News] Latest 2018 Data on Listed Cybersecurity Companies
https://mp.weixin.qq.com/s/vCZQNrbEo-sFBTQoBF8x1g
[News] US Releases FY2020 Budget: Department of Defense Allocates $9.6 Billion for Cyber Activities
https://mp.weixin.qq.com/s/FHPhXYTeDlkAZ42N7-XVaQ
Security Technology
[Vulnerability Analysis] Sublert: Automatically Monitor Target Subdomains to Find Bugs Faster
https://nosec.org/home/detail/2363.html
[Web Security] Finding a Stored XSS Vulnerability in OUTLOOK.COM
https://omespino.com/write-up-1000-usd-in-5-minutes-xss-stored-in-outlook-com-ios-browsers/
[Forensic Analysis] International Vendors Involved in Dark-Web-Related Business
https://mp.weixin.qq.com/s/ehO5UWBlGuLmFCSPef_oyw
[Other] OSCP Exam Preparation Guide
[Data Mining] N Methods for Anomaly Detection
https://mp.weixin.qq.com/s/kv-ZrOF4nnxXoQwFOodzjA
[Programming] Setting Up EFK with Docker
https://blog.forecho.com/use-efk.html
[Ops Security] MySQLMonitor: A Real-Time MySQL Monitoring Tool (Black-Box Testing Aid)
https://github.com/TheKingOfDuck/MySQLMonitor
[Vulnerability Analysis] Detailed Analysis of the WordPress 5.1.1 CSRF-to-RCE Security Incident
http://blog.topsec.com.cn/archives/3759
[Forensic Analysis] One Report to Understand China's First Detection Engine for Encrypted Traffic
https://www.aqniu.com/tools-tech/45207.html
[Forensic Analysis] Snare and Tanner: Playing with the Next-Generation Advanced Web Honeypot
http://phantom0301.cc/2019/03/13/snare-and-tanner/
[Programming] Orc: A Linux Post-Exploitation Framework Written in Bash
[Vulnerability Analysis] Ghidra: From XXE to RCE
https://xlab.tencent.com/cn/2019/03/18/ghidra-from-xxe-to-rce/
[Malware Analysis] ICS Security Tools Series 3.1: Multi-Function Security Tools
https://zhuanlan.zhihu.com/p/60080122
[Device Security] Preliminary Analysis of and Lessons from the Large-Scale Power Outage in Venezuela
https://www.4hou.com/other/16826.html
[Ops Security] Bastion Host: Building iQIYI's Secure Operations Platform for a Massive Server Fleet
https://mp.weixin.qq.com/s/TGswXl9cuwlRmaVsZs46hA
[Document] SecWiki Weekly (Issue 263)
https://www.sec-wiki.com/weekly/263
[Malware Analysis] ICS Security Tools Series 3.3: Network Traffic Detection Tools
https://zhuanlan.zhihu.com/p/60091755
[Mobile Security] Bypassing Common Protection Mechanisms Without Root or Jailbreak
https://www.slideshare.net/abrahamaranguren/pwning-mobile-apps-without-root-or-jailbreak-136622746
[Malware Analysis] New Mining Worm PsMiner Spreads Using Multiple High-Risk Vulnerabilities
[Data Mining] A Brief Discussion of RASP Attack and Defense: Fundamentals
https://www.03sec.com/3237.shtml
[Ops Security] Elasticsearch Security Protection
https://elasticsearch.cn/slides/181
[Vulnerability Analysis] A Brief Analysis of MS Excel Weaponization
[Vulnerability Analysis] CVE-2019-5420 and defence-in-depth
https://blog.pentesterlab.com/cve-2019-5420-and-defence-in-depth-b502a64a80dd
[Web Security] Cross-Origin Methods and the Security Issues They Create
[Ops Security] Junior Sister Talks About Security Standards
https://www.freebuf.com/articles/es/197825.html
[Web Security] Exploring PHP's mkdir Function
http://blog.topsec.com.cn/archives/3789
[Web Security] Advanced .NET Code Audit (Lesson 1): XmlSerializer Deserialization Vulnerability
[Malware Analysis] Analysis of the Leaked Source Code of BUHTRAP, Malware Targeting Russian and Ukrainian Financial Institutions
https://blog.dcso.de/pegasus-buhtrap-analysis-of-the-malware-stage-based-on-the-leaked-source-code/
[Malware Analysis] ICS Security Tools Series 3.2: Indicator of Compromise (IOC) Detection Tools
https://zhuanlan.zhihu.com/p/60080388
[Malware Analysis] Report on an International Cybercrime Group's Attack Campaign Against Financial Professionals in Several East Asian Countries
https://mp.weixin.qq.com/s/S0D3GPmhOKu65KAPpL_i_g
[Malware Analysis] A "Tedious" Method for Bypassing Windows Defender
https://nosec.org/home/detail/2373.html
[Paper] Analysis of the Security Academic Researcher Community
https://mp.weixin.qq.com/s/TkFFORXP3H7IubOfyTrRDQ
[Web Security] Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin.
https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/
[Web Security] Wormable XSS in the Markdown Collaboration Platform HackMD
https://nosec.org/home/detail/2349.html
[Web Security] Exploiting OGNL Injection in Apache Struts
https://pentest-tools.com/blog/exploiting-ognl-injection-in-apache-struts/
[Programming] Practical Optimization of Real-Time Queries over Tens of Billions of Records in Elasticsearch
https://mp.weixin.qq.com/s/UV6NoI6-Y3Zh4BR-m5jP8w
[Device Security] Sega Genesis ROM Hacking with Ghidra
https://zznop.github.io/romhacking/2019/03/14/sega-genesis-rom-hacking-with-ghidra.html
[Web Security] Worked Examples of OGNL Injection Vulnerabilities in the Apache Struts Framework
https://nosec.org/home/detail/2354.html
[Document] 2018 Industrial Information Security Situation Analysis
http://www.etiri.com.cn/etiri-edit/kindeditor/attached/file/20190318/20190318130339_26274.pdf
[Web Security] Advanced .NET Code Audit (Lesson 4): JavaScriptSerializer Deserialization Vulnerability
https://www.anquanke.com/post/id/173652
[Malware Analysis] IoT-Implant-Toolkit: A Trojan Testing Tool for IoT Devices
https://www.freebuf.com/sectool/198174.html
[Web Security] Security Differences Between PHP 7 and PHP 5
https://nosec.org/home/detail/2375.html
[Malware Analysis] Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts
http://zeroyu.xyz/2019/03/20/Spotless-Sandboxes/
[Vulnerability Analysis] Denial of service in Facebook Fizz due to integer overflow (CVE-2019-3560)
https://lgtm.com/blog/facebook_fizz_CVE-2019-3560
[Web Security] Advanced .NET Code Audit (Lesson 3): Fastjson Deserialization Vulnerability
https://www.anquanke.com/post/id/173151
[Mobile Security] Analysis of Mobile Internet Security Risks and Hardening Strategies for Smart Door Locks
https://www.kiwisec.com/news/detail/5c90c33cc649181e28b81ef6.html
[Programming] Writing a Custom Shellcode Encoder
https://medium.com/@0x0FFB347/writing-a-custom-shellcode-encoder-31816e767611
[Tool] Hamburglar: collect useful information from urls, directories, and files
https://github.com/needmorecowbell/Hamburglar
[Vulnerability Analysis] Analysis of a Chrome Zero Day: CVE-2019-5786
[Malware Analysis] Analysis of a 驱动人生 Sample
http://0cx.cc/Drivers_Trojan_analysis.jspx
[Other] In-Depth Analysis of the Drupalgeddon 2 POP Attack Chain
https://nosec.org/home/detail/2221.html
[Malware Analysis] Check Point Forensic Files: A New Monero CryptoMiner Campaign
[Vulnerability Analysis] Analysis of the CVE-2014-4113 Kernel Vulnerability
[Vulnerability Analysis] RCE in Slanger, a Ruby implementation of Pusher
https://www.honoki.net/2019/03/rce-in-slanger-0-6-0/
[Data Mining] Joint Extraction of Entities and Events Based on Generative Adversarial Imitation Learning
https://mp.weixin.qq.com/s/z6Gfdp6ly0WdKjbrvhCACw
[Web Security] CVE-2018-17057 yet another phar deserialization in TCPDF
https://polict.net/blog/CVE-2018-17057
[Paper] S&P 2019 (Part 4): Quick Overview of January to February Topics
https://mp.weixin.qq.com/s/z6Al0LT8Kqw_p_onhTyV2w
[Wireless Security] SigintOS: A Wireless Pentest Distro Review
https://medium.com/@tomac/sigintos-a-wireless-pentest-distro-review-a7ea93ee8f8b
[Web Security] Discovering a zero day and getting code execution on Mozilla's AWS Network
https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/
[Web Security] Java Serialization Objects (JSO): An Exploitation Guide
https://www.rapid7.com/research/report/exploiting-jsos/
[Web Security] Awesome Node.js for penetration testers
https://github.com/jesusprubio/awesome-nodejs-pentest
[Web Security] Advanced .NET Code Audit (Lesson 2): Json.Net Deserialization Vulnerability
[Web Security] Finding and Exploiting .NET Remoting over HTTP using Deserialisation
[Paper] Efficient and Flexible Discovery of PHP Application Vulnerabilities
https://mp.weixin.qq.com/s/xMoDTEvj91RgXFXfykS9tQ
[Tool] CVE-2019-5786 FileReader Exploit
https://github.com/exodusintel/CVE-2019-5786/
[Ops Security] Multiple Ways to Exploiting OSX using PowerShell Empire
https://www.hackingarticles.in/multiple-ways-to-exploiting-osx-using-powershell-empire/
[Ops Security] Vulnerability hunting with Semmle QL, part 1
https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/
[Vulnerability Analysis] Avira VPN 2.15.2.28160 Elevation of Privilege
https://enigma0x3.net/2019/03/20/avira-vpn-2-15-2-28160-elevation-of-privilege/
[Forensic Analysis] How to Detect an Intruder-driven Group Policy Changes
https://habr.com/en/post/444048/
[Device Security] Control System Devices: Overview of Architecture and Supply Channels
https://zhuanlan.zhihu.com/p/58878866
[Malware Analysis] Red Team Telemetry: Empire Edition
https://www.lares.com/red-team-telemetry-empire-edition/
[Malware Analysis] Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)
[Web Security] Reflected XSS in SolarWinds Database Performance Analyzer
[Vulnerability Analysis] CVE-2018-8024: Apache Spark XSS vulnerability in UI
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-8024
[Ops Security] A-Detector: An anomaly-based intrusion detection system.
https://github.com/alexfrancow/A-Detector
[Ops Security] Vulnerability hunting with Semmle QL, part 2
https://blogs.technet.microsoft.com/srd/2019/03/19/vulnerability-hunting-with-semmle-ql-part-2/
[Web Security] Google Books X-Hacking
https://medium.com/@terjanq/google-books-x-hacking-29c249862f19
[Ops Security] An introduction to privileged file operation abuse on Windows
https://offsec.provadys.com/intro-to-file-operation-abuse-on-Windows.html
[Tool] OOB-Server: A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
https://github.com/JuxhinDB/OOB-Server
[Tool] Karta: source code assisted fast binary matching plugin for IDA
https://github.com/CheckPointSW/Karta
[Web Security] Java deserialization RCE in Tomcat cluster
https://blog.csdn.net/u011721501/article/details/88637270
[Mobile Security] Android app deobfuscation using static-dynamic cooperation
Original address of this issue: SecWiki Weekly (Issue 264)
Source: freebuf.com 2019-03-25 20:59:26 by: SecWiki