SecWiki周刊(第285期)
2019/08/12-2019/08/18
安全资讯
网络安全“圣地”之行
安全技术
网络与信息安全领域专赛-WriteUp 网络与信息安全领域专项赛WP IoT固件逆向入门 AggressorScript-UploadAndRunFrp GetWindowsKernelExploitsKB(获取系统KB补丁对于的MS号) Dr.Semu - Malware Detection and Classification Tool Based on Dynamic Behavior Fortigate SSL VPN任意文件读取(可直接登录VPN) JNDI远程代码执行漏洞详解 Exchange渗透测试总结 Mautic Remote Code Execution Debugging Cordova Applications CTF工业信息安全大赛实践与分析 fuzzowski: the Network Protocol Fuzzer that we will want to use. Subdomain takeover - Chapter two: Azure Services solr-injection: Apache Solr Injection Research Intercepting traffic from Android Flutter applications SysmonHunter:一个简单的基于ATT&CK的Sysmon日志狩猎工具 Microsoft Vulnerability Severity Classification for Windows SELECT code_execution FROM * USING SQLite; Reversing an Oppo ozip encryption key from encrypted firmware Defcon 27游记 butthax: lovense hush buttplug exploit chain Comodo Antivirus - Sandbox Race Condition Use-After-Free (CVE-2019-14694) IOC Explorer:自动化关联失陷指标的工具 基于机器学习的jsp/jspx webshell检测 DNS攻防皮毛(一) Building a custom malware sandbox with PANDA KNOB Attack WebLogic安全研究报告 Static Analysis at Scale: An Instagram Story Simple Anti-RE Trick DEF CON CTF 27 Final 游记 Monitoring the State of Internet Routing Security The state of advanced code injections 拟态防御系列问题分析 goop: Google Search Scraper Code Execution via Fiber Local Storage 教会微信:突破文件发送100M限制 Three (And A Half) Vulns For The Price of One! CVE-2019-0193:Apache Solr远程执行代码漏洞预警 Threat hunting using DNS firewalls and data enrichment 如何攻击Fortigate SSL VPN Responding to Firefox 0-days in the wild Simple & Interactive SSRF tutorial Several DoS conditions in certain HTTP/2 implementations Clickjacking DOM XSS on Google.org RouterOS Post Exploitation Privilege Escalation in Cloud Foundry UAA CVE-2018-4259: MacOS NFS vulnerabilties lead to kernel RCE Generating Personalized Wordlists with NLP For Password Guessing Attacks How To Attack Kerberos 101 Offensive Lateral Movement HTML注入:利用HTML标签绕过CSP Exploiting Out Of Band XXE using internal network and php wrappers 从SOAR中求解应用安全建设强运营突围之法 JNDI Injection using Getter Based Deserialization Gadgets How to Build Your Own Penetration Testing Dropbox Using a Raspberry Pi 4 Meteor Blind NoSQL Injection-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com
本期原文地址: SecWiki周刊(第285期)