SecWiki周刊(第279期)
2019/07/01-2019/07/07
安全资讯
工信部:10月底前完成200款主流App数据安全检查
http://www.bjnews.com.cn/news/2019/07/01/597947.html
http://www.bjnews.com.cn/news/2019/07/01/597947.html
安全技术
Razzer: Finding Kernel Race Bugs through Fuzzing
http://zeroyu.xyz/2019/06/30/Razzer-Finding-Kernel-Race-Bugs-through-Fuzzing/
http://zeroyu.xyz/2019/06/30/Razzer-Finding-Kernel-Race-Bugs-through-Fuzzing/
Reverse Shells and Controlling Webcams
https://ctrlaltdel.blog/2019/07/02/reverse-shells-and-controlling-webcams/
https://ctrlaltdel.blog/2019/07/02/reverse-shells-and-controlling-webcams/
全球高级持续性威胁(APT)2019年中报告
https://mp.weixin.qq.com/s/As902I82uYq5eYQHhUToaA
https://mp.weixin.qq.com/s/As902I82uYq5eYQHhUToaA
骗局的艺术:剖析以太坊智能合约中的蜜罐
https://mp.weixin.qq.com/s/zKv3wKEXRT8CgOnVHOXi0Q
https://mp.weixin.qq.com/s/zKv3wKEXRT8CgOnVHOXi0Q
OSINT公开资源情报调查:暗网枪支销售+比特币追踪
https://www.anquanke.com/post/id/181236
https://www.anquanke.com/post/id/181236
怎样使用Python打造免杀payload
https://nosec.org/home/detail/2727.html
https://nosec.org/home/detail/2727.html
Safety-Project-Collection: 收集一些比较优秀的开源安全项目
https://github.com/Bypass007/Safety-Project-Collection
https://github.com/Bypass007/Safety-Project-Collection
Cheating-Plugin-Program: 从零开始研究外挂设计原理
https://github.com/luguanxing/Cheating-Plugin-Program
https://github.com/luguanxing/Cheating-Plugin-Program
浅析PHP文件包含及其getshell的姿势
https://xz.aliyun.com/t/5535
https://xz.aliyun.com/t/5535
Axis-1.4-RCE-Poc: Axis
https://github.com/KibodWapon/Axis-1.4-RCE-Poc
https://github.com/KibodWapon/Axis-1.4-RCE-Poc
phpMyAdmin 文件包含复现分析
https://xz.aliyun.com/t/5534
https://xz.aliyun.com/t/5534
利用 ELK 搭建 Docker 容器化应用日志中心
https://mp.weixin.qq.com/s/7A4lI1zeE5_BljzbKkInbw
https://mp.weixin.qq.com/s/7A4lI1zeE5_BljzbKkInbw
Godlua Backdoor分析报告
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor/
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor/
Writing shellcodes for Windows x64
https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
勒索软件Sodinokibi运营组织的关联分析
https://www.freebuf.com/articles/network/207116.html
https://www.freebuf.com/articles/network/207116.html
利用Microsoft.com绕过防火墙以传递恶意命令
https://nosec.org/home/detail/2747.html
https://nosec.org/home/detail/2747.html
CobaltStrike + Metasploit 组合安装
https://www.aqniu.com/vendor/50662.html
https://www.aqniu.com/vendor/50662.html
Analyzing One of the Latest APT28 Zepakab/Zebrocy Delphi Implant
https://www.vkremez.com/2019/01/lets-learn-overanalyzing-one-of-latest.html
https://www.vkremez.com/2019/01/lets-learn-overanalyzing-one-of-latest.html
区块链安全入门笔记 系列一
https://paper.seebug.org/973/
https://paper.seebug.org/973/
IDS Bypass contest at PHDays: writeup and solutions
http://blog.ptsecurity.com/2019/07/ids-bypass-contest-at-phdays-writeup.html
http://blog.ptsecurity.com/2019/07/ids-bypass-contest-at-phdays-writeup.html
隐藏在Firefox中长达17年的文件窃取漏洞?
https://nosec.org/home/detail/2745.html
https://nosec.org/home/detail/2745.html
Vasile Revnic's Blog: Hunting for Privilege Escalation with Burp Suite
https://sirpwnalot.blogspot.com/2019/06/hunting-for-privilege-escalation-with.html
https://sirpwnalot.blogspot.com/2019/06/hunting-for-privilege-escalation-with.html
Donot团伙(APT-C-35)移动端新攻击框架工具分析
https://www.anquanke.com/post/id/181483
https://www.anquanke.com/post/id/181483
拟态防御题型pwn&web初探
https://xz.aliyun.com/t/5532
https://xz.aliyun.com/t/5532
基于E-Mail的隐蔽控制:机理与防御
https://www.freebuf.com/articles/network/207379.html
https://www.freebuf.com/articles/network/207379.html
Incident Response and IoC
https://www.projectsharp.org/2019/07/04/incident-response-and-ioc/
https://www.projectsharp.org/2019/07/04/incident-response-and-ioc/
Red Teaming Toolkit Collection
https://0xsp.com/offensive/red-teaming-toolkit-collection
https://0xsp.com/offensive/red-teaming-toolkit-collection
通过异常处理机制实现漏洞利用
https://xz.aliyun.com/t/5480
https://xz.aliyun.com/t/5480
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第279期)
