SecWiki周刊(第287期)
2019/08/26-2019/09/01
安全资讯
关于印发加强工业互联网安全工作的指导意见的通知
http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057729/c7281215/content.html
http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057729/c7281215/content.html
安全技术
KCon 2019 议题 PPT 公开
https://paper.seebug.org/1023/
https://paper.seebug.org/1023/
Multiple WordPress Plugins SQL Injection Vulnerabilities
https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html
https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html
快速翻译awvs的漏洞库内容
http://0cx.cc/translate_vuln_with_awvs.jspx
http://0cx.cc/translate_vuln_with_awvs.jspx
TP Link SR20 ACE漏洞分析
https://xz.aliyun.com/t/6073
https://xz.aliyun.com/t/6073
In-the-wild iOS Exploit Chain 4
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-4.html
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-4.html
In-the-wild iOS Exploit Chain 2
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-2.html
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-2.html
In-the-wild iOS Exploit Chain 3
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-3.html
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-3.html
CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU
https://unit42.paloaltonetworks.com/exploitation-of-windows-cve-2019-0708-bluekeep-three-ways-to-write-data-into-the-kernel-with-rdp-pdu/
https://unit42.paloaltonetworks.com/exploitation-of-windows-cve-2019-0708-bluekeep-three-ways-to-write-data-into-the-kernel-with-rdp-pdu/
In-the-wild iOS Exploit Chain 5
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-5.html
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-5.html
In-the-wild iOS Exploit Chain 1
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-1.html
https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-1.html
固件修改及编译记录
https://xz.aliyun.com/t/6053
https://xz.aliyun.com/t/6053
华为路由器 H532G 漏洞分析
https://xz.aliyun.com/t/6116
https://xz.aliyun.com/t/6116
基于访问日志的异常请求检测
https://xz.aliyun.com/t/6117
https://xz.aliyun.com/t/6117
RCE as root on Marathon-Mesos instance
https://omespino.com/write-up-private-bug-bounty-usd-rce-as-root-on-marathon-instance/
https://omespino.com/write-up-private-bug-bounty-usd-rce-as-root-on-marathon-instance/
Spying on HTTPS
https://textslashplain.com/2019/08/11/spying-on-https/
https://textslashplain.com/2019/08/11/spying-on-https/
Blade:企业安全研究团队建设运营思考
https://security.tencent.com/index.php/blog/msg/136
https://security.tencent.com/index.php/blog/msg/136
腾讯安全:2019上半年企业安全总结
https://paper.seebug.org/1021/
https://paper.seebug.org/1021/
由外到内入侵渗透的点面线问题
https://blog.donot.me/pentest-theory/
https://blog.donot.me/pentest-theory/
域渗透-获取NTDS.dit
https://uknowsec.cn/posts/notes/%E5%9F%9F%E6%B8%97%E9%80%8F-%E8%8E%B7%E5%8F%96NTDS.dit.html
https://uknowsec.cn/posts/notes/%E5%9F%9F%E6%B8%97%E9%80%8F-%E8%8E%B7%E5%8F%96NTDS.dit.html
Pulse Secure SSL VPN任意文件读取
https://nosec.org/home/detail/2904.html
https://nosec.org/home/detail/2904.html
SecWiki周刊(第286期)
https://www.sec-wiki.com/weekly/286
https://www.sec-wiki.com/weekly/286
USB Fuzzing技术总结
https://www.anquanke.com/post/id/184954
https://www.anquanke.com/post/id/184954
拦截Android Flutter应用程序流量的研究
https://xz.aliyun.com/t/6149
https://xz.aliyun.com/t/6149
RASP Agent技术划水
https://mp.weixin.qq.com/s/qzsKoiv1pR5To4kwnNQR8w
https://mp.weixin.qq.com/s/qzsKoiv1pR5To4kwnNQR8w
osctrl: Fast and efficient osquery management
https://github.com/jmpsec/osctrl
https://github.com/jmpsec/osctrl
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第287期)
