SecWiki News 2019-03-22 Review

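ICS Security Tools Series 3.1: Multi-purpose Security Tools by ourren

ICS Security Tools Series 3.2: Indicator of Compromise (IOC) Detection Tools by ourren

ICS Security Tools Series 3.3: Network Traffic Detection Tools by ourren

Control System Devices: Overview of Architecture and Supply Channels by ourren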

Efficient and Flexible Discovery of PHP Application Vulnerabilities by ourren

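Report on Attacks by an International Cybercrime Group Targeting Financial Practitioners in Several East Asian Countries by ourren

Apache Struts Framework OGNL Injection Vulnerability Explained by Example by BaCde

Security Differences Between PHP7 and PHP5 by BaCde

The “Tedious” Way to Bypass Windows Defender by BaCde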

Java Serialization Objects (JSO): An Exploitation Guide by re4lity

How to Detect an Intruder-driven Group Policy Changes by re4lity

SigintOS: A Wireless Pentest Distro Review by re4lity

A-Detector: An anomaly-based intrusion detection system. by re4lity

Reflected XSS in SolarWinds Database Performance Analyzer by re4lity

Android app deobfuscation using static-dynamic cooperation by re4lity

Avira VPN Elevation of Privilege by re4lity

Vulnerability hunting with Semmle QL, part 2 by re4lity

Vulnerability hunting with Semmle QL, part 1 by re4lity

CVE-2018-17057 yet another phar deserialization in TCPDF by re4lity

OOB-Server: A Bind9 server for pentesters to use for Out-of-Band vulnerabilities by re4lity

An introduction to privileged file operation abuse on Windows by re4lity

Google Books X-Hacking by re4lity

Karta - source code assisted fast binary matching plugin for IDA by re4lity

CVE-2018-8024: Apache Spark XSS vulnerability in UI by re4lity

CVE-2019-5786 FileReader Exploit by re4lity


SecWiki News 2019-03-21 Review

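International Vendors Involved in Dark Web-related Business by ourren

S&P 2019 (Part 4): Quick Look at the January-February Topics by ourren

Joint Extraction of Entities and Events Based on Generative Adversarial Imitation Learning by ourren

Bastion Host: Building iQIYI's Secure Operations Platform for Massive Server Fleets by ourren

Analysis of a DriveTheLife (驱动人生) Sample by ourren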

Analysis of a Chrome Zero Day: CVE-2019-5786 by ourren

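New Mining Worm PsMiner Spreads Using Multiple High-risk Vulnerabilities by mimblewimble

Ghidra: From XXE to RCE by ourren

.NET Advanced Code Auditing (Lesson 4): JavaScriptSerializer Deserialization Vulnerability by ourren

.NET Advanced Code Auditing (Lesson 3): Fastjson Deserialization Vulnerability by ourren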


SecWiki News 2019-03-20 Review

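.NET Advanced Code Auditing (Lesson 2): Json.Net Deserialization Vulnerability by ourren

.NET Advanced Code Auditing (Lesson 1): XmlSerializer Deserialization Vulnerability by ourren

A Brief Discussion of RASP Attack and Defense: The Basics by ourren

IoT-Implant-Toolkit: A Trojan Testing Tool for IoT Devices by ourren

Sublert: Automatically Monitor Target Subdomains to Help You Find Bugs Faster by BaCde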

Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifac by z3r0yu

Writing a Custom Shellcode Encoder by re4lity

Multiple Ways to Exploiting OSX using PowerShell Empire by re4lity

CVE-2019-5420 and defence-in-depth by re4lity

Exploiting OGNL Injection in Apache Struts by re4lity

Hamburglar: collect useful information from urls, directories, and files by re4lity

Awesome Node.js for penetration testers by re4lity

RCE in Slanger, a Ruby implementation of Pusher by re4lity

Denial of service in Facebook Fizz due to integer overflow (CVE-2019-3560) by re4lity

Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin. by re4lity

Development of a new Windows 10 KASLR Bypass (in One WinDBG Command) by re4lity

Red Team Telemetry: Empire Edition by re4lity

Java deserialization RCE in Tomcat cluster by re4lity

Finding and Exploiting .NET Remoting over HTTP using Deserialisation by re4lity

Discovering a zero day and getting code execution on Mozilla's AWS Network by re4lity

Check Point Forensic Files: A New Monero CryptoMiner Campaign by ourren

Analysis of Mobile Internet Security Risks and Hardening Strategies for Smart Door Locks by 几维安全

Elasticsearch Security Protection by ourren


SecWiki News 2019-03-18 Review

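Hunting a Stored XSS Vulnerability in OUTLOOK.COM by mimblewimble

Orc - A Linux Post-exploitation Framework Written in Bash by mimblewimble

Analyzing the Leaked Source Code of BUHTRAP, Malware That Attacked Russian and Ukrainian Financial Institutions by mimblewimble

Bypassing Common Protection Mechanisms Without Root or Jailbreak by mimblewimble

SecWiki Weekly (Issue 263) by 504

WordPress-5.1.1-CSRF-To-RCE Security Incident: A Detailed Analysis by ourren

Snare and Tanner: Playing with a Next-generation Advanced Web Honeypot by ourren

Preliminary Analysis of, and Lessons from, the Large-scale Venezuela Blackout by ourren

Wormable XSS in HackMD, a Markdown Collaboration Platform by BaCde

In-depth Analysis of the Drupalgeddon 2 POP Attack Chain by BaCde

One Report to Understand China's First Detection Engine for Encrypted Traffic by ourren

Setting Up EFK with Docker by ourren

OSCP Exam Preparation Guide by ourren

MySQLMonitor: A Real-time MySQL Monitoring Tool (Black-box Testing Aid) by ourren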


SecWiki News 2019-03-14 Review

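ZTO Internal Network Security: Outbound Traffic Management by ourren

New Blossoms on an Old Tree: Revisiting GitHub Monitoring by ourren

ATT&CK: A Threat Modeling Model by ourren

Using NLP Machine Learning for Automated Compliance Risk Governance by ourren

Hacking the Xiaomi Mi Band 2 by ourren

Nessus_to_report: An Automation Script for Chinese-language Nessus Reports by ourren

Combining the WinRAR Remote Code Execution Vulnerability with Metasploit+Ngrok to Obtain a Remote Session by ourren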