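Original link: SecWiki Weekly (Issue 331)
Keywords for this issue: attack-defense exercises, penetration testing experience, Windows intranet penetration, verification code vulnerabilities, subdomain monitoring, Linux privilege escalation, Docker security, hardware analysis, graph convolutional neural networks, NLP techniques, hybrid P2P networks, differential replay, smart device security, etc.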
2020/06/29-2020/07/05
Security Technology
[Competition] CTF Hands-on Training Camp: Real Practice Challenges https://zhuanlan.zhihu.com/p/148384035
[Web Security] Some Tips from Real-World Attack-Defense Exercises https://www.freebuf.com/articles/es/240003.html
[Web Security] Penetration Testing Experience Sharing: Expanding SQL Injection Approaches https://xz.aliyun.com/t/7919
[Web Security] Red vs. Blue: Windows Intranet Penetration
[Web Security] A Brief Discussion of SMS Verification Code Vulnerabilities https://xz.aliyun.com/t/7926
[Web Security] Subdomain-Monitoring Vulnerability Scanning https://github.com/MisakiKata/crawlergo_sub
[Web Security] Summary of File Download Methods on Windows/Linux https://xz.aliyun.com/t/7937
[Web Security] Fifth Space - WriteUp
[Web Security] A Simple Summary of Linux Privilege Escalation https://xz.aliyun.com/t/7924
[Ops Security] Docker Security and Attack Surface Analysis
[Vulnerability Analysis] BIG IP CVE-2020-5902 Vulnerability Detection and Exploitation https://bacde.me/post/big-ip-cve-2020-5902-check-poc/
[Mobile Security] Common Tools and Basic Methods for Hardware Analysis
[Malware Analysis] Global Advanced Persistent Threat (APT) 2020 Mid-Year Report https://ti.qianxin.com/uploads/2020/06/29/e4663b4f11f01e5ec8a1a5d91a71dc72.pdf
[Data Mining] Applying Graph Convolutional Neural Networks to Enterprise-Side Network Security Operations
[Forensic Analysis] Pitfall Notes: DNS Beacon https://xz.aliyun.com/t/7938
[Vulnerability Analysis] Dubbo2.7.7 Deserialization Vulnerability Bypass Analysis https://paper.seebug.org/1263/
[Vulnerability Analysis] CVE-2020-1948 Apache Dubbo Hessian Deserialization Vulnerability Analysis https://www.anquanke.com/post/id/209251
[Magazine] SecWiki Weekly (Issue 330) https://www.sec-wiki.com/weekly/330
[Ops Security] A Different Take on "Reverse Shell": A Systematic Analysis
[Vulnerability Analysis] Automating DLL Hijack Discovery https://posts.specterops.io/automating-dll-hijack-discovery-81c4295904b0
[Web Security] Learning Oracle Injection (Final Edition)
[Vulnerability Analysis] Netgear R6700v3 LAN RCE write-up and exploit https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/tokyo_drift/tokyo_drift.md
[Forensic Analysis] A Brief Discussion of Applying NLP Techniques to Threat Intelligence https://paper.seebug.org/1256/
[Vulnerability Analysis] Laravel 5.7 Deserialization Vulnerability (CVE-2019-9081 + 2020 Fifth Space Challenge Solution) http://zeroyu.xyz/2020/06/28/Laravel-5-7%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E-CVE-2019-9081-2020%E7%AC%AC%E4%BA%94%E7%A9%BA%E9%97%B4%E9%A2%98%E8%A7%A3/
[Ops Security] FDEU-CVE-2019-10222 https://full-disclosure.eu/reports/2019/FDEU-CVE-2019-10222-telia-savitarna-backdoor.html
[Malware Analysis] DDG's New Journey: Building a Hybrid P2P Network with a Self-Developed P2P Protocol https://www.anquanke.com/post/id/209351
[Ops Security] 10 Years of Linux Security https://grsecurity.net/10_years_of_linux_security.pdf
[Device Security] Hacking All The Cars - CAN Bus Reverse Engineering https://www.anquanke.com/post/id/209141
[Device Security] Apple Lightning https://nyansatan.github.io/lightning/
[Vulnerability Analysis] TuxGuitar - stealing local files (XXE) https://logicaltrust.net/blog/2020/06/tuxguitar.html
[Ops Security] Detect lateral movement with Azure Sentinel https://zolder.io/2020/07/01/using-a-firewall-and-sentinel-to-detect-lateral-movement/?a=q
[Vulnerability Analysis] Exploiting an Envoy heap vulnerability https://blog.envoyproxy.io/exploiting-an-envoy-heap-vulnerability-96173d41792
[Vulnerability Analysis] Detecting Use of Uninitialized Variables with Differential Replay
[Vulnerability Analysis] Some DOS bugs while processing Microsoft LNK files https://ezqelusia.blogspot.com/2020/06/some-dos-bugs-while-processing.html
[Tools] leonidas: Automated Attack Simulation in the Cloud https://github.com/FSecureLABS/leonidas
[Mobile Security] Android App Source code Extraction and Bypassing Root and SSL Pinning checks https://vj0shii.info/android-app-testing-initial-steps/
[Web Security] Taking over Azure DevOps Accounts with 1 Click https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/?v=2
[Data Mining] A First Look at Intelligent Decision-Making in Network Security
[Web Security] SSRF on Zimbra Led to Dump All Credentials in Clear Text https://medium.com/bugbountywriteup/story-of-a-2-5k-bounty-ssrf-on-zimbra-led-to-dump-all-credentials-in-clear-text-6fe826005ccc
[Ops Security] Hunting for anomalous sessions in your data with Azure Sentinel https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-for-anomalous-sessions-in-your-data-with-azure-sentinel/ba-p/1492490
[Vulnerability Analysis] Breaking Windows KASLR by Leaking KVA Shadow Mappings https://labs.bluefrostsecurity.de/blog/2020/06/30/meltdown-reloaded-breaking-windows-kaslr/
[Device Security] A Short Discussion of Smart Device Security Research
[Vulnerability Analysis] ZombieVPN, Breaking That Internet Security https://0xsha.io/posts/zombievpn-breaking-that-internet-security
SecWiki has focused on security technology news and analysis for 8 years!
SecWiki: https://www.sec-wiki.com