SecWiki Weekly (Issue 321)
2020/04/20-2020/04/26
Security Technology
Vulfocus: an integrated platform of vulnerability Docker images
https://mp.weixin.qq.com/s/ArDDWYuc1A64qUzeyPRzZA
Special attack surfaces in Android (Part 1): the evil dialog
https://paper.seebug.org/1174/
Close-access penetration testing: USBninja in practice
https://mp.weixin.qq.com/s/qCA-6zXbwpj8nyn5791zfg
CreditEase (宜信) SDL practice: how product managers can drive product security
https://segmentfault.com/a/1190000021257429
Critical CSRF to RCE bug chain in Prestashop v1.7.6.4 and below
https://stazot.com/prestashop-csrf-to-rce-article/
Windows domain environments and domain penetration
https://mp.weixin.qq.com/s/gvDzKFIsdhtkOKRANscEJA
Stowaway -- Multi-hop Proxy Tool for pentesters
https://github.com/ph4ntonn/Stowaway
iQIYI's business security risk-control "secrets"
https://www.freebuf.com/articles/people/233378.html
Xiaomi Mi9 (Pwn2Own 2019)
https://labs.f-secure.com/advisories/xiaomi-mi9/
xioc: Extract IOCs from text, including "escaped" ones.
https://github.com/assafmo/xioc
2020 Hufu CTF (虎符网络安全竞赛) web writeup
https://www.anquanke.com/post/id/203417
Some thoughts on IP blocking by the defending side
https://mp.weixin.qq.com/s/pgaTlc8LoUvH7RtgeKCBrg
MacOS Dylib Injection through Mach-O Binary Manipulation
https://malwareunicorn.org/workshops/macos_dylib_injection.html#0
IFFA: an interactive analysis system for file-format vulnerabilities
http://www.asm64.com/IFFA/index.html
Special attack surfaces in Android (Part 2): dangerous deeplinks
https://paper.seebug.org/1175/
Red team assessment tips: running OSINT against a company
https://xz.aliyun.com/t/7610
Exploration and practice of traffic analysis in offensive and defensive security
https://mp.weixin.qq.com/s/xz9v7cxQiGdsCUWbl5Lp1A
Building a Basic C2
https://0xrick.github.io/misc/c2/
The Hitchhiker's Guide to Shellcoding
https://slaeryan.github.io/
haidragon/KiwiVM-1: virtualization encryption software for mobile applications
https://github.com/haidragon/KiwiVM-1
Using a webshell to "kill" RASP
https://mp.weixin.qq.com/s/yykliM-b4_rStX5ucPWO2w
Productionizing Python RASP: reflections on an intrusion
https://mp.weixin.qq.com/s/icWaHsC6dzlclxfLhvQjYA
Building an enterprise-grade secure coding standard for R&D
https://mp.weixin.qq.com/s/PNvCvV4gYJkfIsKJ1ccneA
Intranet lateral movement attack workflow
https://forum.90sec.com/t/topic/949
The full data-analysis pipeline, using text mining of 40,000+ Huxiu (虎嗅网) articles as an example
https://www.jiqizhixin.com/articles/2018-12-20-18
Mobile baseband security research series: concepts and systems
https://paper.seebug.org/1178/
Learning WAF bypass
https://xz.aliyun.com/t/7578
Handbook of information collection for penetration testing and src
https://github.com/Qftm/Information_Collection_Handbook
2019 Industrial Control Network Security Posture White Paper
https://mp.weixin.qq.com/s/phcpafQnNBnyQ10FOcSriQ
A domain list of some popular cloud WAFs, CDNs and load balancers
https://bacde.me/post/some-waf-cdn-lb-list/
Pulsar: a powerful visual network footprint scanning platform
https://www.freebuf.com/articles/network/232520.html
GhostBuild - MSBuild launchers for various GhostPack/.NET projects
https://github.com/bohops/GhostBuild
Notes on authoring a reverse-engineering CTF challenge
https://xz.aliyun.com/t/7619
Semi-automatically mining request objects to obtain echo output across multiple middlewares
https://paper.seebug.org/1181/
Attacking and Auditing Docker Containers and Kubernetes Clusters
https://github.com/appsecco/attacking-and-auditing-docker-containers-and-kubernetes-clusters
PHP code audit CTF series (3)
https://mp.weixin.qq.com/s/o9HL8kPCuw5f8nvsWhzEhQ
Assistant plugin for vulnerability research
https://github.com/Martyx00/VulnFanatic
Tinyshell Under the Microscope
https://themittenmac.com/tinyshell-under-the-microscope/
Grammar based fuzzing PDFs with Domato
https://symeonp.github.io/2020/04/18/grammar-based-fuzzing.html
Exploiting (Almost) Every Antivirus Software
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/
Android Kernel Exploitation
https://cloudfuzz.github.io/android-kernel-exploitation/
joincap: Merge multiple pcap files together, gracefully.
https://github.com/assafmo/joincap
How We Hacked an Android Game And Ranked First globally
https://payatu.com/blog/hrushikesh/how-i-hacked-an-android-game-and-ranked-first
Dissecting the Windows Defender Driver
https://www.n4r1b.com/posts/2020/04/dissecting-the-windows-defender-driver-wdfilter-part-4/
Systematic WAF security operations practice
https://mp.weixin.qq.com/s/BiH23k7xAeuwb5wwaOEKVw
Uninitialized Memory Disclosures in Web Applications
https://blog.silentsignal.eu/2020/04/20/uninitialized-memory-disclosures-in-web-applications/
JSON Web Token Validation Bypass in Auth0 Authentication API
https://insomniasec.com/blog/auth0-jwt-validation-bypass
DLL hijacking vulnerabilities in Nirsoft tools
http://borncity.com/win/2020/04/16/dll-hijacking-vulnerabilities-in-nirsoft-tools/
Exploiting POST-based XSSI
https://blog.cm2.pw/exploiting-post-based-xssi/
RAT AV-evasion series: whitelisted binaries (113 of them), summary
https://mp.weixin.qq.com/s/2bC5otYgIgGnod-cXwkfqw
Dissecting the NSA/ASD WebShell defense guide
https://mp.weixin.qq.com/s/oswnCc18UhYOrc6OC0COaA
The Zaheck of Android Deep Links!
https://medium.com/@shivsahni2/the-zaheck-of-android-deep-links-a5f57dc4ae4c
SMBGhost pre-auth RCE abusing Direct Memory Access structs
https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
CryptoHack – A fun platform for learning cryptography
https://cryptohack.org/
SecWiki Weekly (Issue 320)
https://www.sec-wiki.com/weekly/320
A record of countering a PUBG cheat malware
https://xz.aliyun.com/t/7626
Sqlserver, or the Miner in the Basement
https://thedfirreport.com/2020/04/20/sqlserver-or-the-miner-in-the-basement/
Introduction to Android application security analysis
https://mp.weixin.qq.com/s/58HGpBRngfov1yXReaTpNA
Tale of two hypervisor bugs - Escaping from FreeBSD bhyve
http://www.phrack.org/papers/escaping_from_freebsd_bhyve.html
Everything You Need to Know About IDOR
https://medium.com/@aysebilgegunduz/everything-you-need-to-know-about-idor-insecure-direct-object-references-375f83e03a87
iOS acquisition methods compared: logical, full file system and iCloud
https://blog.elcomsoft.com/2020/04/ios-acquisition-methods-compared-logical-full-file-system-and-icloud/
When a PLC meets Hping3, an old but classic advanced packet-crafting tool
https://mp.weixin.qq.com/s/iV9Ib9l4rrbC0oZe1gdDcg
OSS-Fuzz data in Vulners
https://vulners.blog/2020/04/17/ossfuzz-from-vulners/
Terminal Escape Injection
https://www.infosecmatter.com/terminal-escape-injection/
OWASP Firmware Security Testing Methodology
https://scriptingxss.gitbook.io/firmware-security-testing-methodology/
A HTTP PoC Endpoint for cve-2020-5260
https://github.com/brompwnie/cve-2020-5260/
Lateral Movement: PowerShell Remoting
https://medium.com/@subhammisra45/lateral-movement-powershell-remoting-89da402a9885
pingfisher: A ping detection tool for linux
https://github.com/xscorp/pingfisher
Is BGP safe yet? · Cloudflare
https://isbgpsafeyet.com/
CVE-2020-0791
https://cpr-zero.checkpoint.com/vulns/cprid-2147/
GHSL-2020-038: Use after free in Chrome WebAudio
https://securitylab.github.com/advisories/GHSL-2020-038-chrome
31 Days of API Security Tips, by Inon Shkedy
https://github.com/smodnix/31-days-of-API-Security-Tips
awesome-virtualization: Collection of resources about Virtualization
https://github.com/Wenzel/awesome-virtualization
A Defender's Guide For Rootkit Detection: Episode 1
https://labs.jumpsec.com/2020/04/20/a-defenders-guide-for-rootkit-detection-episode-1-kernel-drivers/?preview=true
Subdomain Takeover: Thoughts on Risks
https://mp.weixin.qq.com/s/fn3_2kC6ljUL3ac1Mhuh1A
AIL framework - Analysis Information Leak framework
https://github.com/ail-project/ail-framework
SystemToken: Steal privileged token to obtain SYSTEM shell
https://github.com/yusufqk/SystemToken
Abusing HTTP Path Normalization and Cache Poisoning to steal accounts
https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news analysis for 13 years!
SecWiki: https://www.sec-wiki.com
Original URL of this issue: SecWiki Weekly (Issue 321)
