SecWiki周刊(第260期)
2019/02/18-2019/02/24
安全资讯
关于境内大量家用路由器DNS被篡改情况通报
https://mp.weixin.qq.com/s/5ZOhusBPwQ0WdTBgrStfMg
https://mp.weixin.qq.com/s/5ZOhusBPwQ0WdTBgrStfMg
RSA 2019参展机构增至736家 云安全已成主流
https://www.aqniu.com/industry/43763.html
https://www.aqniu.com/industry/43763.html
北京师范大学被列为“联合国网络犯罪问题政府间专家组”观察员
https://mp.weixin.qq.com/s/Ra1rcTl7K-Dtug9tNUwLPA
https://mp.weixin.qq.com/s/Ra1rcTl7K-Dtug9tNUwLPA
安全技术
今年的OffensiveCon大会议题质量不错(附资料下载)
https://mp.weixin.qq.com/s/8bpcNK06tpKbi7gHJEdlUA
https://mp.weixin.qq.com/s/8bpcNK06tpKbi7gHJEdlUA
BlueHatIL 2019 Abstracts
https://www.bluehatil.com/abstracts
https://www.bluehatil.com/abstracts
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003
https://www.drupal.org/sa-core-2019-003
https://www.drupal.org/sa-core-2019-003
CVE-2019-0626 | Windows DHCP Server Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626
Container Escape Flaw Hits AWS, Google Cloud, Linux Distros
https://www.securityweek.com/container-escape-flaw-hits-aws-google-cloud-linux-distros
https://www.securityweek.com/container-escape-flaw-hits-aws-google-cloud-linux-distros
Adobe ColdFusion 反序列化RCE漏洞分析(CVE-2019-7091)
https://mp.weixin.qq.com/s?__biz=MzAwNTI1NDI3MQ==&mid=2649613813&idx=1&sn=fc1c55360efd5a1ff2e7d8ff25825f8a&scene=21#wechat_redirect
https://mp.weixin.qq.com/s?__biz=MzAwNTI1NDI3MQ==&mid=2649613813&idx=1&sn=fc1c55360efd5a1ff2e7d8ff25825f8a&scene=21#wechat_redirect
PowerShell Empire 免杀过 Windows Defender
https://www.blackhillsinfosec.com/getting-powershell-empire-past-windows-defender/
https://www.blackhillsinfosec.com/getting-powershell-empire-past-windows-defender/
TTPs & IOCs & 痛苦金字塔
https://mp.weixin.qq.com/s/rZ_XOrsWaFvl8xE2PFuZEg
https://mp.weixin.qq.com/s/rZ_XOrsWaFvl8xE2PFuZEg
等保2.0要点解析及落地实施技术攻略
https://www.kiwisec.com/news/detail/5c6b6a94c649181e28b81dce.html
https://www.kiwisec.com/news/detail/5c6b6a94c649181e28b81dce.html
Micro8: PHP安全新闻早8点全部文档
https://github.com/Micropoor/Micro8
https://github.com/Micropoor/Micro8
使用osqueryd监控系统
http://www.polaris-lab.com/index.php/archives/618/
http://www.polaris-lab.com/index.php/archives/618/
wordpress-image-远程代码执行漏洞分析
https://kylingit.com/blog/wordpress-image-%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
https://kylingit.com/blog/wordpress-image-%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
Discuz 3.4 越权登陆漏洞分析
https://nosec.org/home/detail/2256.html
https://nosec.org/home/detail/2256.html
Kerberos unconstrained delegation abuse toolkit
https://github.com/dirkjanm/krbrelayx
https://github.com/dirkjanm/krbrelayx
LG Device Manager LHA 内核驱动本地提权漏洞(CVE-2019-8372)
http://www.jackson-t.ca/lg-driver-lpe.html
http://www.jackson-t.ca/lg-driver-lpe.html
三层网络靶场搭建&MSF内网渗透
https://www.anquanke.com/post/id/170649
https://www.anquanke.com/post/id/170649
Pwning WPA/WPA2 Networks With Bettercap and the PMKID Client-Less Attack
https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/
https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/
5篇顶会论文带你了解知识图谱最新研究进展
https://mp.weixin.qq.com/s/nomVWAuvuxFJLWoxHoUCqg
https://mp.weixin.qq.com/s/nomVWAuvuxFJLWoxHoUCqg
某市某单位“驱动人生”事件7小时应急响应
https://mp.weixin.qq.com/s/C8x6fVm7QVwWCEpzCBBRSg
https://mp.weixin.qq.com/s/C8x6fVm7QVwWCEpzCBBRSg
全网筛查 WinRAR 代码执行漏洞 (CVE-2018-20250)
https://xlab.tencent.com/cn/2019/02/22/investigating-winrar-code-execution-vulnerability-cve-2018-20250-at-internet-scale/
https://xlab.tencent.com/cn/2019/02/22/investigating-winrar-code-execution-vulnerability-cve-2018-20250-at-internet-scale/
CVE-2019-6453: RCE on mIRC
https://proofofcalc.com/cve-2019-6453-mIRC/
https://proofofcalc.com/cve-2019-6453-mIRC/
SANCTUARY - 一款在 TrustZone 生态系统中提供可信环境的安全框架
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01A-1_Brasser_paper.pdf
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01A-1_Brasser_paper.pdf
Onion之眼:暗网的隐私与追踪
https://mp.weixin.qq.com/s/JyGaOV-wBVYCF6gKhYswWw
https://mp.weixin.qq.com/s/JyGaOV-wBVYCF6gKhYswWw
CNN+BLSTM+CTC的验证码识别从训练到部署
https://www.freebuf.com/articles/web/195469.html
https://www.freebuf.com/articles/web/195469.html
DARPA HACCS计划介绍
http://www.arkteam.net/?p=4243
http://www.arkteam.net/?p=4243
Kali linux 2016.2(Rolling)里安装OpenVAS
https://www.cnblogs.com/zlslch/p/6872559.html
https://www.cnblogs.com/zlslch/p/6872559.html
微信PC端技术研究(3)-如何找到消息发送接口
https://mp.weixin.qq.com/s/uUXB9AHtnhCsD7gAfFYRoA
https://mp.weixin.qq.com/s/uUXB9AHtnhCsD7gAfFYRoA
Chashell: Go reverse shell that communicates over DNS
https://github.com/sysdream/chashell
https://github.com/sysdream/chashell
Typora XSS 到 RCE (上)
https://www.anquanke.com/post/id/170665
https://www.anquanke.com/post/id/170665
从两道CTF实例看python格式化字符串漏洞
https://www.anquanke.com/post/id/170620
https://www.anquanke.com/post/id/170620
Node.js 原型污染攻击的分析与利用
https://blog.0daylabs.com/2019/02/15/prototype-pollution-javascript/
https://blog.0daylabs.com/2019/02/15/prototype-pollution-javascript/
Detecting Web Attacks with a Seq2Seq Autoencoder
http://blog.ptsecurity.com/2019/02/detecting-web-attacks-with-seq2seq.html
http://blog.ptsecurity.com/2019/02/detecting-web-attacks-with-seq2seq.html
Extracting a 19 Year Old Code Execution from WinRAR
https://research.checkpoint.com/extracting-code-execution-from-winrar/
https://research.checkpoint.com/extracting-code-execution-from-winrar/
2018勒索病毒白皮书(政企篇)
http://zt.360.cn/1101061855.php?dtid=1101062514&did=210845178
http://zt.360.cn/1101061855.php?dtid=1101062514&did=210845178
使用 Tor 进行匿名文件分享的开源工具 - OnionShare 2
https://micahflee.com/2019/02/onionshare-2/
https://micahflee.com/2019/02/onionshare-2/
TikiTorch - 一款允许在任意进程中执行任意 ShellCode 的工具
https://github.com/rasta-mouse/TikiTorch
https://github.com/rasta-mouse/TikiTorch
EDR检测持久化Persistence入门
https://mp.weixin.qq.com/s/AKdnFKn8oXocZ5eyfB2D9g
https://mp.weixin.qq.com/s/AKdnFKn8oXocZ5eyfB2D9g
Make It Rain with MikroTik – Tenable TechBlog – Medium
https://medium.com/tenable-techblog/make-it-rain-with-mikrotik-c90705459bc6
https://medium.com/tenable-techblog/make-it-rain-with-mikrotik-c90705459bc6
探索Ruby项目中的反序列化问题
https://xz.aliyun.com/t/4111
https://xz.aliyun.com/t/4111
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
https://devco.re/blog/2019/02/19/hacking-Jenkins-part2-abusing-meta-programming-for-unauthenticated-RCE/
https://devco.re/blog/2019/02/19/hacking-Jenkins-part2-abusing-meta-programming-for-unauthenticated-RCE/
Typora XSS 到 RCE(下)
https://www.anquanke.com/post/id/170756
https://www.anquanke.com/post/id/170756
智能 GPS 跟踪器的安全与隐私问题研究
https://arxiv.org/ftp/arxiv/papers/1902/1902.05318.pdf
https://arxiv.org/ftp/arxiv/papers/1902/1902.05318.pdf
WordPress 5.0.0 Remote Code Execution
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
HTTP安全标头及其工作原理(上)
http://www.4hou.com/web/16145.html
http://www.4hou.com/web/16145.html
Malware PowerShell shellcode analysis
https://github.com/JohnLaTwC/Shared/blob/master/notebooks/Malware%20PowerShell%20shellcode%20analysis.ipynb
https://github.com/JohnLaTwC/Shared/blob/master/notebooks/Malware%20PowerShell%20shellcode%20analysis.ipynb
端口安全(持续更新)
https://bloodzer0.github.io/ossa/infrastructure-security/host-security/host-security-scan/port/
https://bloodzer0.github.io/ossa/infrastructure-security/host-security/host-security-scan/port/
Linux常见backdoor及排查技术
https://xz.aliyun.com/t/4090
https://xz.aliyun.com/t/4090
一个go语言crackme分析
https://mp.weixin.qq.com/s/tgd2u2FPfdC3dyLufSBHVg
https://mp.weixin.qq.com/s/tgd2u2FPfdC3dyLufSBHVg
Analyzing the Windows LNK file attack method
https://dexters-lab.net/2019/02/16/analyzing-the-windows-lnk-file-attack-method/
https://dexters-lab.net/2019/02/16/analyzing-the-windows-lnk-file-attack-method/
SecWiki周刊(第259期)
https://www.sec-wiki.com/weekly/259
https://www.sec-wiki.com/weekly/259
erbbysam/DNSGrep: Quickly Search Large DNS Datasets
https://github.com/erbbysam/dnsgrep/
https://github.com/erbbysam/dnsgrep/
如何对 JavaScript 引擎进行 Fuzzing
https://saelo.github.io/presentations/offensivecon_19_fuzzilli.pdf
https://saelo.github.io/presentations/offensivecon_19_fuzzilli.pdf
HTTP安全标头及其工作原理(下)
http://www.4hou.com/web/16146.html
http://www.4hou.com/web/16146.html
FaceTime Texture 处理过程中的内存破坏漏洞(CVE-2019-6224)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1732
https://bugs.chromium.org/p/project-zero/issues/detail?id=1732
AI-Security-Learning: 安全检测与数据挖掘的学习资料
https://github.com/0xMJ/AI-Security-Learning
https://github.com/0xMJ/AI-Security-Learning
Webkit Exploitation Tutorial
https://www.auxy.xyz/tutorial/Webkit-Exp-Tutorial/#virtual-machine
https://www.auxy.xyz/tutorial/Webkit-Exp-Tutorial/#virtual-machine
How-To-Secure-A-Linux-Server
https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
Oracle Java glyph_CloseContour 的运行时 TTF 字体越界读取漏洞
https://bugs.chromium.org/p/project-zero/issues/detail?id=1779
https://bugs.chromium.org/p/project-zero/issues/detail?id=1779
通过 JavaScript 编译器攻击 Edge
https://github.com/bkth/Attacking-Edge-Through-the-JavaScript-Compiler
https://github.com/bkth/Attacking-Edge-Through-the-JavaScript-Compiler
$1.000 SSRF in Slack
https://medium.com/@elberandre/1-000-ssrf-in-slack-7737935d3884
https://medium.com/@elberandre/1-000-ssrf-in-slack-7737935d3884
如何绕过 EDR’s 的内存保护
https://movaxbx.ru/2019/02/19/bypass-edrs-memory-protection-introduction-to-hooking/
https://movaxbx.ru/2019/02/19/bypass-edrs-memory-protection-introduction-to-hooking/
Windows Firewall Post Exploitation with Netsh
https://www.hackingarticles.in/windows-firewall-post-exploitation-with-netsh/
https://www.hackingarticles.in/windows-firewall-post-exploitation-with-netsh/
Azure AD Connect for Red Teamers
https://blog.xpnsec.com/azuread-connect-for-redteam/
https://blog.xpnsec.com/azuread-connect-for-redteam/
NTFS Case Sensitivity on Windows
https://tyranidslair.blogspot.com/2019/02/ntfs-case-sensitivity-on-windows.html
https://tyranidslair.blogspot.com/2019/02/ntfs-case-sensitivity-on-windows.html
sec_profile: 分析安全信息站点、安全趋势、安全工作者账号
https://github.com/tanjiti/sec_profile
https://github.com/tanjiti/sec_profile
Proofpoint releases Q4 2018 Threat Report and Year in Review
https://www.proofpoint.com/us/threat-insight/post/proofpoint-releases-q4-2018-threat-report-and-year-review
https://www.proofpoint.com/us/threat-insight/post/proofpoint-releases-q4-2018-threat-report-and-year-review
基于分布式欺骗技术的工业网络异常行为自动发现技术
https://mp.weixin.qq.com/s/ilEGEmDzT7yQvxpaHTMIjg
https://mp.weixin.qq.com/s/ilEGEmDzT7yQvxpaHTMIjg
Slack网站上SSRF漏洞的挖掘和防护绕过
https://nosec.org/home/detail/2259.html
https://nosec.org/home/detail/2259.html
WordPress 5.0.0 曝出远程代码执行
https://nosec.org/home/detail/2261.html
https://nosec.org/home/detail/2261.html
“Relaying” Kerberos - Having fun with unconstrained delegation
https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/
https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/
OSX Privileged Helper Tool:
https://github.com/blankwall/Offensive-Con/blob/master/OffCon.pdf
https://github.com/blankwall/Offensive-Con/blob/master/OffCon.pdf
绕过Facebook的CSRF防御——25000美金
https://nosec.org/home/detail/2258.html
https://nosec.org/home/detail/2258.html
Physical Extraction and File System Imaging of iOS 12 Devices
https://blog.elcomsoft.com/2019/02/physical-extraction-and-file-system-imaging-of-ios-12-devices/
https://blog.elcomsoft.com/2019/02/physical-extraction-and-file-system-imaging-of-ios-12-devices/
基础事件响应中的 Volatility 工作流程
https://laskowski-tech.com/2019/02/18/volatility-workflow-for-basic-incident-response/
https://laskowski-tech.com/2019/02/18/volatility-workflow-for-basic-incident-response/
exploit for CVE-2018-4193
https://github.com/Synacktiv/CVE-2018-4193
https://github.com/Synacktiv/CVE-2018-4193
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第260期)
