SecWiki周刊(第290期)
2019/09/16-2019/09/22
安全技术
SUCTF-WriteUp(上)
https://mp.weixin.qq.com/s/bgWwPPjFsiviFxMgNxjUIg
https://mp.weixin.qq.com/s/bgWwPPjFsiviFxMgNxjUIg
CVE-2019-10392 Jenkins 2k19认证远程RCE
https://misakikata.github.io/2019/09/CVE-2019-10392-Jenkins-2k19%E8%AE%A4%E8%AF%81%E8%BF%9C%E7%A8%8BRCE/
https://misakikata.github.io/2019/09/CVE-2019-10392-Jenkins-2k19%E8%AE%A4%E8%AF%81%E8%BF%9C%E7%A8%8BRCE/
SUCTF-WriteUp(下)
https://mp.weixin.qq.com/s/NtOgVw0uFXndJ7b1-G-0iw
https://mp.weixin.qq.com/s/NtOgVw0uFXndJ7b1-G-0iw
beyond-good-ol-run-key-part-114(AutoPlay利用)
http://www.hexacorn.com/blog/2019/09/07/beyond-good-ol-run-key-part-114/
http://www.hexacorn.com/blog/2019/09/07/beyond-good-ol-run-key-part-114/
LuWu: 红队基础设施自动化部署工具
https://github.com/QAX-A-Team/LuWu
https://github.com/QAX-A-Team/LuWu
Server Side Template Injection – on the example of Pebble
https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/
https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/
大型互联网企业威胁情报运营与实践思考
https://www.anquanke.com/post/id/187069
https://www.anquanke.com/post/id/187069
vulnerable-sso: vulnerable single sign on
https://github.com/dogangcr/vulnerable-sso
https://github.com/dogangcr/vulnerable-sso
pdlist: A passive subdomain finder
https://github.com/gnebbia/pdlist
https://github.com/gnebbia/pdlist
内网渗透之端口转发、映射、代理
https://xz.aliyun.com/t/6349
https://xz.aliyun.com/t/6349
Decentralizing DNS to Improve the Security of the Internet
https://www.namebase.io/blog/meet-handshake-decentralizing-dns-to-improve-the-security-of-the-internet/
https://www.namebase.io/blog/meet-handshake-decentralizing-dns-to-improve-the-security-of-the-internet/
Malware Classification with ‘Graph Hash,’ Applied to the Orca Cyberespionage Cam
https://blog.trendmicro.com/trendlabs-security-intelligence/malware-classification-with-graph-hash-applied-to-the-orca-cyberespionage-campaign/
https://blog.trendmicro.com/trendlabs-security-intelligence/malware-classification-with-graph-hash-applied-to-the-orca-cyberespionage-campaign/
钓鱼邮件的投递和伪造
https://xz.aliyun.com/t/6325
https://xz.aliyun.com/t/6325
SecWiki周刊(第289期)
https://www.sec-wiki.com/weekly/289
https://www.sec-wiki.com/weekly/289
Bloodhound Cypher Cheatsheet
https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
反间谍软件之旅(一)
https://www.anquanke.com/post/id/186489
https://www.anquanke.com/post/id/186489
purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-n
https://blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/
https://blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第290期)
