SecWiki周刊(第321期)
2020/04/20-2020/04/26
安全技术
Vulfocus: 漏洞docker镜像集成平台 近源渗透测试之USBninja实战 通达OA 任意用户登录漏洞(匿名RCE)分析 Android 中的特殊攻击面(一)——邪恶的对话框 Stowaway -- Multi-hop Proxy Tool for pentesters 2020 虎符网络安全竞赛 web Writeup 宜信SDL实践:产品经理如何驱动产品安全建设 基于数据流的越权检测 Windows域环境及域渗透 流量分析在安全攻防上的探索实践 haidragon/KiwiVM-1: virtualization encryption software for mobile applications 关于防守方封IP的一些想法 Critical CSRF to RCE bug chain in Prestashop v1.7.6.4 and below 以虎嗅网4W+文章的文本挖掘为例,展现数据分析的一整套流程 内网横向渗透攻击流程 waf-bypass学习 一次有趣的钓鱼测试 MacOS Dylib Injection through Mach-O Binary Manipulation IFFA文件格式漏洞交互式分析系统 Pulsar:一款功能强大的可视化网络足迹扫描平台 零信任安全架构实践之路 webshell "干掉" RASP 红队测评技巧:对公司发起OSINT 爱奇艺的业务安全风控“秘籍” Android 中的特殊攻击面(二)——危险的deeplink Xiaomi Mi9 (Pwn2Own 2019) xioc: Extract IOCs from text, including "escaped" ones. 短兵:API安全典型漏洞剖析 体系化的WAF安全运营实践 移动 app安全评估检测技术分析 移动基带安全研究系列文章之概念与系统篇 Python RASP 工程化:一次入侵的思考 构建企业级研发安全编码规范 Building a Basic C2 Attacking and Auditing Docker Containers and Kubernetes Clusters DLL hijacking vulnerabilities in Nirsoft tools The Hitchhiker's Guide to Shellcoding 2019年工业控制网络安全态势白皮书 安全架构设计与评审 Handbook of information collection for penetration testing and src 一次Reverse出题手记 Android Kernel Exploitation The Zaheck of Android Deep Links! 半自动化挖掘 request 实现多种中间件回显 GhostBuild - MSBuild launchers for various GhostPack/.NET projects 刨析NSA/ASD的WebShell防御指南 一些流行的云waf、cdn、lb的域名列表 PHP代码审计之CTF系列(3) CryptoHack – A fun platform for learning cryptography 记一次对PUBG外挂病毒的反制过程 SecWiki周刊(第320期) SMBGhost pre-auth RCE abusing Direct Memory Access structs Assistant plugin for vulnerability research Grammar based fuzzing PDFs with Domato Exploiting (Almost) Every Antivirus Software 远控免杀专题-白名单(113个)总结篇 2019年我国互联网网络安全态势综述 How We Hacked an Android Game And Ranked First globally Sqlserver, or the Miner in the Basement Android程序安全分析入门 Dissecting the Windows Defender Driver iOS acquisition methods compared: logical, full file system and iCloud Tale of two hypervisor bugs - Escaping from FreeBSD bhyve Tinyshell Under the Microscope joincap: Merge multiple pcap files together, gracefully. 当PLC偶遇老旧但不乏经典的高级组包工具Hping3 OWASP Firmware Security Testing Methodology OSS-Fuzz data in Vulners Terminal Escape Injection Lateral Movement: PowerShell Remoting A HTTP PoC Endpoint for cve-2020-5260 Everything You Need to Know About IDOR pingfisher: A ping detection tool for linux CVE-2020-0791 Is BGP safe yet? · Cloudflare awesome-virtualization: Collection of resources about Virtualization This challenge is Inon Shkedy's 31 days API Security Tips. Uninitialized Memory Disclosures in Web Applications Exploiting POST-based XSSI GHSL-2020-038: Use after free in Chrome WebAudio Subdomain Takeover: Thoughts on Risks A Defender's Guide For Rootkit Detection: Episode 1 JSON Web Token Validation Bypass in Auth0 Authentication API AIL framework - Analysis Information Leak framework SystemToken: Steal privileged token to obtain SYSTEM shell Abusing HTTP Path Normalization and Cache Poisoning to steal accounts-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com
本期原文地址: SecWiki周刊(第321期)