SecWiki Weekly (Issue 271)
2019/05/06-2019/05/12
Security News
Samsung leaks SmartThings app source code and secret keys
https://nosec.org/home/detail/2565.html
Ele.me's Wang Bin: security is fairness, and achieving it depends on operations
https://mp.weixin.qq.com/s/3UYObnoZV_g-AZFdSoxJLg
Intelligence Command Center added to the agencies directly under the Ministry of Public Security
https://mp.weixin.qq.com/s/ULHbGTI1YosdZG23aAE4Qw
Prague 5G Security Conference: the "Prague Proposals"
https://mp.weixin.qq.com/s/sktQAoNeE-3na9lBPm9nzg
FBI seizes DeepDotWeb and arrests its administrators
https://nosec.org/home/detail/2564.html
Burger King's children's online store leaks tens of thousands of customer records
https://nosec.org/home/detail/2566.html
Symantec joins the US Department of Defense cyber threat intelligence sharing program
https://mp.weixin.qq.com/s/tHjveTuc1bi0TxmJKwMoGw
Security Techniques
EL3 Tour: Get the Ultimate Privilege of Android Phone
https://speakerdeck.com/hhj4ck/el3-tour-get-the-ultimate-privilege-of-android-phone
Android security mind map
https://bbs.pediy.com/thread-251061.htm
Third-party dependency security scanning with SonarQube + DependencyCheck
https://bloodzer0.github.io/ossa/other-security-branch/devsecops/sdc/
HTTPDecrypt: remote packet encryption/decryption over HTTP for an end-to-end Burp workflow
https://github.com/lyxhh/lxhToolHTTPDecrypt
Android Application Diffing: CVE-2019-10875 Inspection
https://blog.quarkslab.com/android-application-diffing-cve-2019-10875-inspection.html
SSH login problems and troubleshooting approaches
https://www.infoq.cn/article/pqU7iMf8cHpz-RNLOslJ
D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Reading the feuds of the cyber underworld from attack and defense logs
http://blog.nsfocus.net/looking-at-the-network-rivers-and-lakes-from-the-attack-and-defense-logs/
2019 Orca Cup digital forensics competition: post-competition review
https://www.anquanke.com/post/id/177714
Traffic detection with Suricata and ELK
https://zhuanlan.zhihu.com/p/64742715
Feathering for SSIDs
https://medium.com/@elkentaro/feathering-for-ssids-bd69ad41165a
My CSP bypass approaches and summary
https://xz.aliyun.com/t/5084
Exploiting Logic Bugs in JavaScript JIT Engines
http://phrack.org/papers/jit_exploitation.html
itops: an AD/Exchange management system based on Python + Django
https://github.com/openitsystem/itops?from=timeline
How to attack RMI-based JMX services
https://nosec.org/home/detail/2544.html
Exploit for CVE-2019-9810 Firefox on Windows 64 bits
https://github.com/0vercl0k/CVE-2019-9810
Hack The Box - BigHead
https://0xrick.github.io/hack-the-box/bighead/
ICMP tunnel detection based on statistical analysis: method and implementation
https://www.freebuf.com/articles/network/202634.html
Taking Control of VMware Through the Universal Host Controller Interface: Part 1
https://www.zerodayinitiative.com/blog/2019/5/7/taking-control-of-vmware-through-the-universal-host-controller-interface-part-1
wpbullet: A static code analysis for WordPress (and PHP)
https://github.com/webarx-security/wpbullet
Common techniques in intrusion attribution: a brief discussion
https://www.freebuf.com/articles/network/202168.html
The Rashomon behind the theft of 26 million TRX
https://mp.weixin.qq.com/s/aInEaYdS9X7HP7FbzWl6AQ?from=timeline
Cisco Talos reports hard-coded credentials in Alpine Linux Docker images
https://nosec.org/home/detail/2568.html
x-up-devcap-post-charset Header in ASP.NET to Bypass WAFs Again!
https://soroush.secproject.com/blog/2019/05/x-up-devcap-post-charset-header-in-aspnet-to-bypass-wafs-again/
Bypassing web application firewalls with the x-up-devcap-post-charset request header in ASP.NET
https://nosec.org/home/detail/2556.html
How to Reverse Malware on macOS Without Getting Infected | Part 1
https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-one/
Command injection by setting a custom search engine
https://hackerone.com/reports/497312
SecWiki Weekly (Issue 270)
https://www.sec-wiki.com/weekly/270
Hijacking browser TLS traffic through Client Domain Hooking
https://blog.duszynski.eu/hijacking-browser-tls-traffic-through-client-domain-hooking/
List of Awesome Asset Discovery Resources
https://github.com/redhuntlabs/Awesome-Asset-Discovery
Watermark: a library for adding watermarks to web pages
https://github.com/YanxinTang/Watermark
"Unhackable" biometric USB drive transmits passwords in plaintext
https://nosec.org/home/detail/2567.html
ExtAnalysis: Browser Extension Analysis Framework
https://github.com/Tuhinshubhra/ExtAnalysis
write-after-free vulnerability in Firefox, Analysis and Exploitation
https://news.sophos.com/en-us/2019/04/18/protected-cve-2018-18500-heap-write-after-free-in-firefox-analysis-and-exploitation/
Open Source SIRP with Elasticsearch and TheHive
https://arnaudloos.com/2019/open-source-sirp-overview/
Research on browser, mitigation, kernel and related exploitation topics
https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References
Tale of a Wormable Twitter XSS
https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/
Looking inside the box
https://anvilventures.com/blog/looking-inside-the-box.html
From zero to tfp0 - Part 2: Walkthrough of the voucher_swap exploit
https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-2-a-walkthrough-of-the-voucher_swap-exploit/
2019 Data Breach Investigations Report
https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf
Comprehensive walkthrough of the LTDH19 RE challenges
https://blog.syscall.party/post/ltdh-re-walkthrough/
A journey into reverse engineering Broadcom wireless chipsets
https://nosec.org/home/detail/2540.html
Exploring Mimikatz - Part 1
https://blog.xpnsec.com/exploring-mimikatz-part-1/
Eight Devices, One Exploit
https://medium.com/tenable-techblog/eight-devices-one-exploit-f5fc28c70a7c
SSH Honey Keys
https://kulinacs.com/ssh-honey-keys/
tetanus: Helper script for mangling CS payloads
https://github.com/secgroundzero/tetanus
The XSS challenge that +100k people saw but only 90 solved
https://blog.intigriti.com/2019/05/06/intigriti-xss-challenge-1/
How to attack the control servers of the Mirai botnet (and its variants)?
https://nosec.org/home/detail/2558.html
Using Win95 kernel32.dll exports like a virus
https://log.vexation.ca/2019/04/using-win95-kernel32dll-exports-like.html?m=1
Bashter: Web Crawler, Scanner, and Analyzer Framework (Shell-Script based)
https://github.com/zerobyte-id/Bashter
Detailed Analysis of macOS Vulnerability CVE-2019-8507
https://www.fortinet.com/blog/threat-research/detailed-analysis-mac-os-vulnerability-cve-2019-8507.html
How to get a webshell quickly during security testing
https://www.freebuf.com/articles/web/201421.html
From Zero to tfp0 - Part 1: Prologue
https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-1-prologue/
Unpacking Redaman Malware & Basics of Self-Injection Packers
https://liveoverflow.com/unpacking-buhtrap-malware-basics-of-self-injection-packers-ft-oalabs-2/
Throwing 500 vm’s at your fuzzing target being an individual security researcher
https://kciredor.com/throwing-500-vms-fuzzing-target-individual-security-researcher.html
Finding Registry Malware Persistence with RECmd
https://digital-forensics.sans.org/blog/2019/05/07/malware-persistence-recmd/
Analysis of the XMLDecoder parsing flow
https://mp.weixin.qq.com/s/FupNkLOOWAabvnC3Yob_uw
An Old Cisco OpenSSH Bug
https://medium.com/tenable-techblog/an-old-cisco-openssh-bug-342ce6679f61
Malicious DLL execution using Apple's APSDaemon.exe signed binary
https://0x00sec.org/t/malicious-dll-execution-using-apples-apsdaemon-exe-signed-binary/13409
Security Data Science Learning Resources
https://medium.com/@jason_trost/security-data-science-learning-resources-8f7586995040
Vulmap: Vulmap Online Local Vulnerability Scanners Project
https://github.com/vulmon/Vulmap
The Rashomon behind the theft of 26 million TRX - Part 2
https://mp.weixin.qq.com/s/9Cl6-ZmAi-U3Qi6cPVZJxQ?from=timeline
response: Monzo's real-time incident response and reporting tool
https://github.com/monzo/response
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news analysis for 13 years!
SecWiki: https://www.sec-wiki.com
Original address of this issue: SecWiki Weekly (Issue 271)
