SecWiki周刊(第285期)
2019/08/12-2019/08/18
安全资讯
安全技术
网络与信息安全领域专赛-WriteUp
https://mp.weixin.qq.com/s/1-F5smfdwLUSdit5gP2mYA
https://mp.weixin.qq.com/s/1-F5smfdwLUSdit5gP2mYA
网络与信息安全领域专项赛WP
http://zeroyu.xyz/2019/08/16/2019-8-15-writeup/
http://zeroyu.xyz/2019/08/16/2019-8-15-writeup/
GetWindowsKernelExploitsKB(获取系统KB补丁对于的MS号)
https://www.ch1ng.com/blog/189.html
https://www.ch1ng.com/blog/189.html
AggressorScript-UploadAndRunFrp
https://github.com/Ch1ngg/AggressorScript-UploadAndRunFrp
https://github.com/Ch1ngg/AggressorScript-UploadAndRunFrp
Dr.Semu - Malware Detection and Classification Tool Based on Dynamic Behavior
https://github.com/secrary/DrSemu
https://github.com/secrary/DrSemu
Fortigate SSL VPN任意文件读取(可直接登录VPN)
https://nosec.org/home/detail/2867.html
https://nosec.org/home/detail/2867.html
Subdomain takeover - Chapter two: Azure Services
https://blog.cystack.net/subdomain-takeover-chapter-two-azure-services/
https://blog.cystack.net/subdomain-takeover-chapter-two-azure-services/
Microsoft Vulnerability Severity Classification for Windows
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2A3xt
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2A3xt
Mautic Remote Code Execution
https://github.com/MegadodoPublications/exploits/blob/master/mautic.md
https://github.com/MegadodoPublications/exploits/blob/master/mautic.md
Exchange渗透测试总结
https://www.anquanke.com/post/id/184342
https://www.anquanke.com/post/id/184342
Debugging Cordova Applications
https://www.appknox.com/security/debugging-cordova-applications
https://www.appknox.com/security/debugging-cordova-applications
solr-injection: Apache Solr Injection Research
https://github.com/artsploit/solr-injection
https://github.com/artsploit/solr-injection
fuzzowski: the Network Protocol Fuzzer that we will want to use.
https://github.com/nccgroup/fuzzowski
https://github.com/nccgroup/fuzzowski
CTF工业信息安全大赛实践与分析
https://www.freebuf.com/articles/ics-articles/210687.html
https://www.freebuf.com/articles/ics-articles/210687.html
SysmonHunter:一个简单的基于ATT&CK的Sysmon日志狩猎工具
https://github.com/baronpan/SysmonHunter
https://github.com/baronpan/SysmonHunter
Intercepting traffic from Android Flutter applications
https://blog.nviso.be/2019/08/13/intercepting-traffic-from-android-flutter-applications/
https://blog.nviso.be/2019/08/13/intercepting-traffic-from-android-flutter-applications/
SELECT code_execution FROM * USING SQLite;
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
Building a custom malware sandbox with PANDA
https://adalogics.com/blog/Building-a-custom-malware-sandbox-with-PANDA-Part-1
https://adalogics.com/blog/Building-a-custom-malware-sandbox-with-PANDA-Part-1
IOC Explorer:自动化关联失陷指标的工具
https://github.com/lion-gu/ioc-explorer
https://github.com/lion-gu/ioc-explorer
Reversing an Oppo ozip encryption key from encrypted firmware
https://bkerler.github.io/reversing/2019/04/24/the-game-begins/
https://bkerler.github.io/reversing/2019/04/24/the-game-begins/
butthax: lovense hush buttplug exploit chain
https://github.com/smealum/butthax
https://github.com/smealum/butthax
基于机器学习的jsp/jspx webshell检测
https://xz.aliyun.com/t/5994
https://xz.aliyun.com/t/5994
Defcon 27游记
https://n0b0dycn.me/2019/08/defcon27/
https://n0b0dycn.me/2019/08/defcon27/
Comodo Antivirus - Sandbox Race Condition Use-After-Free (CVE-2019-14694)
http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html
http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html
KNOB Attack
https://knobattack.com/
https://knobattack.com/
Static Analysis at Scale: An Instagram Story
https://instagram-engineering.com/static-analysis-at-scale-an-instagram-story-8f498ab71a0c
https://instagram-engineering.com/static-analysis-at-scale-an-instagram-story-8f498ab71a0c
Simple Anti-RE Trick
https://secrary.com/Random/anti_re_simple/
https://secrary.com/Random/anti_re_simple/
The state of advanced code injections
https://adalogics.com/blog/the-state-of-advanced-code-injections
https://adalogics.com/blog/the-state-of-advanced-code-injections
Monitoring the State of Internet Routing Security
https://observatory.manrs.org
https://observatory.manrs.org
DEF CON CTF 27 Final 游记
http://iromise.com/2019/08/14/DEF-CON-CTF-27-Final/
http://iromise.com/2019/08/14/DEF-CON-CTF-27-Final/
WebLogic安全研究报告
https://mp.weixin.qq.com/s/qxkV_7MZVhUYYq5QGcwCtQ
https://mp.weixin.qq.com/s/qxkV_7MZVhUYYq5QGcwCtQ
goop: Google Search Scraper
https://github.com/s0md3v/goop
https://github.com/s0md3v/goop
Code Execution via Fiber Local Storage
http://hatriot.github.io/blog/2019/08/12/code-execution-via-fiber-local-storage/
http://hatriot.github.io/blog/2019/08/12/code-execution-via-fiber-local-storage/
拟态防御系列问题分析
https://xz.aliyun.com/t/5953
https://xz.aliyun.com/t/5953
Three (And A Half) Vulns For The Price of One!
https://tactifail.wordpress.com/2019/07/26/three-vulns-for-the-price-of-one/
https://tactifail.wordpress.com/2019/07/26/three-vulns-for-the-price-of-one/
教会微信:突破文件发送100M限制
https://mp.weixin.qq.com/s/WfYJDY9OymRTigwn6u7IGw
https://mp.weixin.qq.com/s/WfYJDY9OymRTigwn6u7IGw
Threat hunting using DNS firewalls and data enrichment
https://blog.redteam.pl/2019/08/threat-hunting-dns-firewall.html
https://blog.redteam.pl/2019/08/threat-hunting-dns-firewall.html
Responding to Firefox 0-days in the wild
https://blog.coinbase.com/responding-to-firefox-0-days-in-the-wild-d9c85a57f15b
https://blog.coinbase.com/responding-to-firefox-0-days-in-the-wild-d9c85a57f15b
CVE-2019-0193:Apache Solr远程执行代码漏洞预警
https://nosec.org/home/detail/2850.html
https://nosec.org/home/detail/2850.html
如何攻击Fortigate SSL VPN
https://nosec.org/home/detail/2862.html
https://nosec.org/home/detail/2862.html
Several DoS conditions in certain HTTP/2 implementations
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Generating Personalized Wordlists with NLP For Password Guessing Attacks
https://utkusen.com/blog/generating-personalized-wordlists.html
https://utkusen.com/blog/generating-personalized-wordlists.html
RouterOS Post Exploitation
https://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790
https://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790
Simple & Interactive SSRF tutorial
https://application.security/
https://application.security/
CVE-2018-4259: MacOS NFS vulnerabilties lead to kernel RCE
https://blog.semmle.com/cve-2018-4259-macos-nfs-vulnerability/
https://blog.semmle.com/cve-2018-4259-macos-nfs-vulnerability/
Clickjacking DOM XSS on Google.org
https://appio.dev/vulns/clickjacking-xss-on-google-org/
https://appio.dev/vulns/clickjacking-xss-on-google-org/
How To Attack Kerberos 101
https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
Privilege Escalation in Cloud Foundry UAA
https://www.twistlock.com/labs-blog/privilege-escalation-in-cloud-foundry-uaa-cve-2019-11270/
https://www.twistlock.com/labs-blog/privilege-escalation-in-cloud-foundry-uaa-cve-2019-11270/
Offensive Lateral Movement
https://hausec.com/2019/08/12/offensive-lateral-movement/
https://hausec.com/2019/08/12/offensive-lateral-movement/
Exploiting Out Of Band XXE using internal network and php wrappers
https://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
https://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
HTML注入:利用HTML标签绕过CSP
https://nosec.org/home/detail/2860.html
https://nosec.org/home/detail/2860.html
从SOAR中求解应用安全建设强运营突围之法
https://mp.weixin.qq.com/s/sedpOhSxEGSdaxX8SACIMA
https://mp.weixin.qq.com/s/sedpOhSxEGSdaxX8SACIMA
JNDI Injection using Getter Based Deserialization Gadgets
https://srcincite.io/blog/2019/08/07/attacking-unmarshallers-jndi-injection-using-getter-based-deserialization.html
https://srcincite.io/blog/2019/08/07/attacking-unmarshallers-jndi-injection-using-getter-based-deserialization.html
How to Build Your Own Penetration Testing Dropbox Using a Raspberry Pi 4
https://artificesecurity.com/blog/2019/8/6/how-to-build-your-own-penetration-testing-drop-box-using-a-raspberry-pi-4
https://artificesecurity.com/blog/2019/8/6/how-to-build-your-own-penetration-testing-drop-box-using-a-raspberry-pi-4
Meteor Blind NoSQL Injection
https://medium.com/rangeforce/meteor-blind-nosql-injection-29211775cd01
https://medium.com/rangeforce/meteor-blind-nosql-injection-29211775cd01
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第285期)
