SecWiki Weekly (Issue 264)
2019/03/18-2019/03/24
Security News
Practical Applications of U.S. Open-Source Intelligence as Seen in an Indictment
https://mp.weixin.qq.com/s/DoHc7G0yyW6iyORR0zxBBg
Song Keya: Thoughts on Building a Penetration Testing Program for Commercial Banks
https://mp.weixin.qq.com/s/xiZvVANcJF4qeG8Tce5iGw
Latest 2018 Data on Listed Cybersecurity Companies
https://mp.weixin.qq.com/s/vCZQNrbEo-sFBTQoBF8x1g
U.S. Releases FY2020 Budget: DoD Gets $9.6 Billion for Cyber Activities
https://mp.weixin.qq.com/s/FHPhXYTeDlkAZ42N7-XVaQ
Security Technology
Analysis of Mobile Internet Security Risks and Hardening Strategies for Smart Door Locks
https://www.kiwisec.com/news/detail/5c90c33cc649181e28b81ef6.html
Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts
http://zeroyu.xyz/2019/03/20/Spotless-Sandboxes/
A-Detector: An anomaly-based intrusion detection system.
https://github.com/alexfrancow/A-Detector
Java deserialization RCE in Tomcat cluster
https://blog.csdn.net/u011721501/article/details/88637270
Writing a Custom Shellcode Encoder
https://medium.com/@0x0FFB347/writing-a-custom-shellcode-encoder-31816e767611
Snare and Tanner: Playing with Next-Generation Advanced Web Honeypots
http://phantom0301.cc/2019/03/13/snare-and-tanner/
Red Team Telemetry: Empire Edition
https://www.lares.com/red-team-telemetry-empire-edition/
SigintOS: A Wireless Pentest Distro Review
https://medium.com/@tomac/sigintos-a-wireless-pentest-distro-review-a7ea93ee8f8b
S&P 2019 (Part 4): Quick Look at the January-February Papers
https://mp.weixin.qq.com/s/z6Al0LT8Kqw_p_onhTyV2w
2018 Industrial Information Security Situation Analysis
http://www.etiri.com.cn/etiri-edit/kindeditor/attached/file/20190318/20190318130339_26274.pdf
Bastion Host: Building iQIYI's Security Operations Platform for a Massive Server Fleet
https://mp.weixin.qq.com/s/TGswXl9cuwlRmaVsZs46hA
OSCP Exam Preparation Guide
https://www.lshack.cn/656/
MySQLMonitor: Real-Time MySQL Monitoring Tool (Black-Box Testing Aid)
https://github.com/TheKingOfDuck/MySQLMonitor
ICS Security Tools Series 3.2: Indicator of Compromise (IOC) Detection Tools
https://zhuanlan.zhihu.com/p/60080388
Hunting a Stored XSS Vulnerability in OUTLOOK.COM
https://omespino.com/write-up-1000-usd-in-5-minutes-xss-stored-in-outlook-com-ios-browsers/
A Report on China's First Detection Engine for Encrypted Traffic
https://www.aqniu.com/tools-tech/45207.html
IoT-Implant-Toolkit: An Implant Testing Toolkit for IoT Devices
https://www.freebuf.com/sectool/198174.html
Wormable XSS in the Markdown Collaboration Platform HackMD
https://nosec.org/home/detail/2349.html
Ghidra: From XXE to RCE
https://xlab.tencent.com/cn/2019/03/18/ghidra-from-xxe-to-rce/
Detailed Analysis of the WordPress 5.1.1 CSRF-to-RCE Security Incident
http://blog.topsec.com.cn/archives/3759
Advanced .NET Code Audit (Lesson 1): XmlSerializer Deserialization Vulnerability
https://xz.aliyun.com/t/4374
Efficient and Flexible Discovery of PHP Application Vulnerabilities
https://mp.weixin.qq.com/s/xMoDTEvj91RgXFXfykS9tQ
Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin.
https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/
Advanced .NET Code Audit (Lesson 2): Json.Net Deserialization Vulnerability
https://xz.aliyun.com/t/4464
Exploring PHP's mkdir Function
http://blog.topsec.com.cn/archives/3789
ICS Security Tools Series 3.3: Network Traffic Detection Tools
https://zhuanlan.zhihu.com/p/60091755
Automatically Monitor Target Subdomains to Find Bugs Faster: Sublert
https://nosec.org/home/detail/2363.html
Preliminary Analysis of the Large-Scale Venezuela Blackout and Its Lessons
https://www.4hou.com/other/16826.html
CVE-2019-5420 and defence-in-depth
https://blog.pentesterlab.com/cve-2019-5420-and-defence-in-depth-b502a64a80dd
sega genesis rom hacking with ghidra
https://zznop.github.io/romhacking/2019/03/14/sega-genesis-rom-hacking-with-ghidra.html
A Brief Look at Weaponizing MS Excel
https://xz.aliyun.com/t/4426
Setting Up EFK with Docker
https://blog.forecho.com/use-efk.html
Apache Struts OGNL Injection Vulnerability Explained with Examples
https://nosec.org/home/detail/2354.html
Advanced .NET Code Audit (Lesson 3): Fastjson Deserialization Vulnerability
https://www.anquanke.com/post/id/173151
OOB-Server: A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
https://github.com/JuxhinDB/OOB-Server
New Mining Worm PsMiner Uses Multiple High-Risk Vulnerabilities to Spread
https://blog.360totalsecurity.com/en/new-mining-worm-psminer-uses-multiple-high-risk-vulnerabilities-to-spread/
Introduction to RASP Attack and Defense: Fundamentals
https://www.03sec.com/3237.shtml
Cross-Origin Techniques and the Security Issues They Create
https://xz.aliyun.com/t/4470
Finding and Exploiting .NET Remoting over HTTP using Deserialisation
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/march/finding-and-exploiting-.net-remoting-over-http-using-deserialisation/
Awesome Node.js for penetration testers
https://github.com/jesusprubio/awesome-nodejs-pentest
ICS Security Tools Series 3.1: Multi-Function Security Tools
https://zhuanlan.zhihu.com/p/60080122
Joint Extraction of Entities and Events Based on Generative Adversarial Imitation Learning
https://mp.weixin.qq.com/s/z6Gfdp6ly0WdKjbrvhCACw
Report on an International Cybercrime Group's Attacks Targeting Financial Professionals in Several East Asian Countries
https://mp.weixin.qq.com/s/S0D3GPmhOKu65KAPpL_i_g
Avira VPN 2.15.2.28160 Elevation of Privilege
https://enigma0x3.net/2019/03/20/avira-vpn-2-15-2-28160-elevation-of-privilege/
Orc: A Linux Post-Exploitation Framework Written in Bash
https://github.com/zMarch/Orc
RCE in Slanger, a Ruby implementation of Pusher
https://www.honoki.net/2019/03/rce-in-slanger-0-6-0/
Discovering a zero day and getting code execution on Mozilla's AWS Network
https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/
Elasticsearch: Optimizing Real-Time Queries at Tens-of-Billions Scale in Practice
https://mp.weixin.qq.com/s/UV6NoI6-Y3Zh4BR-m5jP8w
CVE-2018-8024: Apache Spark XSS vulnerability in UI
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-8024
Elasticsearch Security Hardening
https://elasticsearch.cn/slides/181
In-Depth Analysis of the Drupalgeddon 2 POP Attack Chain
https://nosec.org/home/detail/2221.html
Analysis of Kernel Vulnerability CVE-2014-4113
https://xz.aliyun.com/t/4456
Control System Devices: Overview of Architecture and Supply Channels
https://zhuanlan.zhihu.com/p/58878866
Advanced .NET Code Audit (Lesson 4): JavaScriptSerializer Deserialization Vulnerability
https://www.anquanke.com/post/id/173652
The "Tedious" Way to Bypass Windows Defender
https://nosec.org/home/detail/2373.html
Karta - source code assisted fast binary matching plugin for IDA
https://github.com/CheckPointSW/Karta
Multiple Ways to Exploiting OSX using PowerShell Empire
https://www.hackingarticles.in/multiple-ways-to-exploiting-osx-using-powershell-empire/
CVE-2018-17057 yet another phar deserialization in TCPDF
https://polict.net/blog/CVE-2018-17057
Google Books X-Hacking
https://medium.com/@terjanq/google-books-x-hacking-29c249862f19
Analysis of a Chrome Zero Day: CVE-2019-5786
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/
Check Point Forensic Files: A New Monero CryptoMiner Campaign
https://blog.checkpoint.com/2019/03/19/check-point-forensic-files-monero-cryptominer-campaign-cryptojacking-crypto-apt-hacking/
How to Detect Intruder-driven Group Policy Changes
https://habr.com/en/post/444048/
An introduction to privileged file operation abuse on Windows
https://offsec.provadys.com/intro-to-file-operation-abuse-on-Windows.html
International Vendors Involved in Dark Web-Related Business
https://mp.weixin.qq.com/s/ehO5UWBlGuLmFCSPef_oyw
Java Serialization Objects (JSO): An Exploitation Guide
https://www.rapid7.com/research/report/exploiting-jsos/
Bypassing Common Protection Mechanisms Without Root or Jailbreak
https://www.slideshare.net/abrahamaranguren/pwning-mobile-apps-without-root-or-jailbreak-136622746
Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)
https://www.offensive-security.com/vulndev/development-of-a-new-windows-10-kaslr-bypass-in-one-windbg-command/
Security Differences Between PHP 7 and PHP 5
https://nosec.org/home/detail/2375.html
CVE-2019-5786 FileReader Exploit
https://github.com/exodusintel/CVE-2019-5786/
Vulnerability hunting with Semmle QL, part 2
https://blogs.technet.microsoft.com/srd/2019/03/19/vulnerability-hunting-with-semmle-ql-part-2/
Vulnerability hunting with Semmle QL, part 1
https://blogs.technet.microsoft.com/srd/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/
Reflected XSS in SolarWinds Database Performance Analyzer
https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
Exploiting OGNL Injection in Apache Struts
https://pentest-tools.com/blog/exploiting-ognl-injection-in-apache-struts/
Android app deobfuscation using static-dynamic cooperation
https://www.virusbulletin.com/blog/2019/03/vb2018-paper-and-video-android-app-deobfuscation-using-static-dynamic-cooperation/
Hamburglar: collect useful information from urls, directories, and files
https://github.com/needmorecowbell/Hamburglar
Denial of service in Facebook Fizz due to integer overflow (CVE-2019-3560)
https://lgtm.com/blog/facebook_fizz_CVE-2019-3560
Analysis of the Leaked Source Code of BUHTRAP, Malware Targeting Russian and Ukrainian Financial Institutions
https://blog.dcso.de/pegasus-buhtrap-analysis-of-the-malware-stage-based-on-the-leaked-source-code/
SecWiki Weekly (Issue 263)
https://www.sec-wiki.com/weekly/263
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news and analysis for 13 years!
SecWiki: https://www.sec-wiki.com
Original link for this issue: SecWiki Weekly (Issue 264)
