SecWiki周刊(第249期)
2018/12/03-2018/12/09
安全资讯
安全技术
DEFCON黑客大会所有资料共740G
https://nosec.org/home/detail/2035.html
https://nosec.org/home/detail/2035.html
PbootCMS v1.3.2命令执行和SQL注入漏洞
https://nosec.org/home/detail/2001.html
https://nosec.org/home/detail/2001.html
PocHunter: 调用PoC框架(Beebeeto/PocSuite/TangScan/KsPoc)下的PoC.
https://github.com/DavexPro/PocHunter
https://github.com/DavexPro/PocHunter
Allscanner: 数据库和服务弱口令检测以及未授权访问检测
https://github.com/aedoo/Allscanner
https://github.com/aedoo/Allscanner
NLP从入门到放弃—处理威胁情报
https://zhuanlan.zhihu.com/p/50998317
https://zhuanlan.zhihu.com/p/50998317
公链安全之亦来云多个远程DoS漏洞详解
https://mp.weixin.qq.com/s/oACHhus9nvAiw13Yxy7zgA
https://mp.weixin.qq.com/s/oACHhus9nvAiw13Yxy7zgA
基于docker搭建开源扫描器——伏羲
https://bbs.ichunqiu.com/thread-48521-1-1.html
https://bbs.ichunqiu.com/thread-48521-1-1.html
PHPCMS 2008远程代码执行
http://www.lmxspace.com/2018/12/06/PHPCMS-2008%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/
http://www.lmxspace.com/2018/12/06/PHPCMS-2008%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/
iOS Bug Hunting – Web View XSS
https://www.allysonomalley.com/2018/12/03/ios-bug-hunting-web-view-xss/
https://www.allysonomalley.com/2018/12/03/ios-bug-hunting-web-view-xss/
CVE-2015-2370之DCOM DCE/RPC协议原理详细分析
https://www.anquanke.com/post/id/167057
https://www.anquanke.com/post/id/167057
Discuz x3.4 前台 SSRF 分析
https://paper.seebug.org/756/
https://paper.seebug.org/756/
关于Cobalt Strike的Malleable-C2-Profiles浅析
https://www.freebuf.com/articles/rookie/189948.html
https://www.freebuf.com/articles/rookie/189948.html
SvnExploit支持SVN源代码泄露全版本Dump源码
https://github.com/admintony/svnExploit
https://github.com/admintony/svnExploit
探索MySQL最新过狗万能密码
http://blackwolfsec.cc/2018/12/03/Mysql_trick_sql/
http://blackwolfsec.cc/2018/12/03/Mysql_trick_sql/
S-CMS企业建站v3几处SQL注入
https://bbs.ichunqiu.com/thread-48536-1-1.html
https://bbs.ichunqiu.com/thread-48536-1-1.html
CVE-2018-8021 Proof-Of-Concept and Exploit
https://github.com/r3dxpl0it/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021
https://github.com/r3dxpl0it/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021
Bellingcat专家如何挖掘俄罗斯人员真实身份信息
https://mp.weixin.qq.com/s/-d_Tj7nf8CHNmFRIAun0vQ
https://mp.weixin.qq.com/s/-d_Tj7nf8CHNmFRIAun0vQ
输入长度受限情况下的 XSS 攻击
https://xz.aliyun.com/t/3513
https://xz.aliyun.com/t/3513
Demystifying Obfuscation Used in the Thanksgiving Spam Campaign
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/demystifying-obfuscation-used-in-the-thanksgiving-spam-campaign/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/demystifying-obfuscation-used-in-the-thanksgiving-spam-campaign/
基于MCU/MPU的物联网设备固件防护方法
https://mp.weixin.qq.com/s/JAmwJ7JFMev30uINIepWNQ
https://mp.weixin.qq.com/s/JAmwJ7JFMev30uINIepWNQ
开源情报在网络战研究中的实践
https://mp.weixin.qq.com/s/C-coVLE3BmwkRgyd4xIJug
https://mp.weixin.qq.com/s/C-coVLE3BmwkRgyd4xIJug
我如何发现ucweb.com的两个XSS
https://nosec.org/home/detail/2011.html
https://nosec.org/home/detail/2011.html
Security best practices for Azure solutions
https://azure.microsoft.com/mediahandler/files/resourcefiles/security-best-practices-for-azure-solutions/Azure%20Security%20Best%20Practices.pdf
https://azure.microsoft.com/mediahandler/files/resourcefiles/security-best-practices-for-azure-solutions/Azure%20Security%20Best%20Practices.pdf
SecWiki周刊(第248期)
https://www.sec-wiki.com/weekly/248
https://www.sec-wiki.com/weekly/248
BoNeSi - the DDoS Botnet Simulator
https://github.com/Markus-Go/bonesi
https://github.com/Markus-Go/bonesi
情报价值—探索情报对于企业的价值落地
https://weibo.com/ttarticle/p/show?id=2309404313114811219351
https://weibo.com/ttarticle/p/show?id=2309404313114811219351
ServerManagement: 服务器管理工具
https://github.com/cksgf/ServerManagement
https://github.com/cksgf/ServerManagement
MetasploitCTF-2018 Write-Up
https://pentest.com.tr/blog/MetasploitCTF-Write-Up-English-AkkuS.html
https://pentest.com.tr/blog/MetasploitCTF-Write-Up-English-AkkuS.html
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unide
https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/?utm_source=Direct
https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/?utm_source=Direct
长度受限情况下的 XSS 攻击
https://nosec.org/home/detail/2032.html
https://nosec.org/home/detail/2032.html
我是如何通过以前的渗透案例发现谷歌漏洞的
https://nosec.org/home/detail/2014.html
https://nosec.org/home/detail/2014.html
The #HITB2018DXB CTF hardware hacking challenge simple write-up
https://github.com/xwings/ctf.hitb2018dxb
https://github.com/xwings/ctf.hitb2018dxb
How to accidentally find a XSS in ProtonMail iOS app
https://www.secu.ninja/2018/12/04/how-to-accidentally-find-a-xss-in-protonmail-ios-app/
https://www.secu.ninja/2018/12/04/how-to-accidentally-find-a-xss-in-protonmail-ios-app/
T-Pot多蜜罐平台使用心法
https://www.freebuf.com/sectool/190840.html
https://www.freebuf.com/sectool/190840.html
利用postmessage偷取用户cookies
https://nosec.org/home/detail/2008.html
https://nosec.org/home/detail/2008.html
Metasploit Community CTF 2018 writeup
https://medium.com/alertot/metasploit-community-ctf-2018-writeup-23df21a68bc8
https://medium.com/alertot/metasploit-community-ctf-2018-writeup-23df21a68bc8
Mission Accomplished? HTTPS Security After DigiNotar
https://securitygossip.com/blog/2018/12/03/https-security-after-diginotar/
https://securitygossip.com/blog/2018/12/03/https-security-after-diginotar/
隐藏套件:虚假的身份,特殊的后门
https://www.freebuf.com/articles/network/188364.html
https://www.freebuf.com/articles/network/188364.html
物联网安全学习笔记之二—小试牛刀
https://www.anquanke.com/post/id/166821
https://www.anquanke.com/post/id/166821
AI for Security:智能化安全对抗的困境
https://xz.aliyun.com/t/3488
https://xz.aliyun.com/t/3488
nbulischeck/tyton: Kernel-Mode Rootkit Hunter
https://github.com/nbulischeck/tyton
https://github.com/nbulischeck/tyton
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第249期)
