SecWiki News 2019-03-22 Review

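ICS Security Tools Series 3.1: Multi-Purpose Security Tools by ourren

ICS Security Tools Series 3.2: Indicator of Compromise (IOC) Detection Tools by ourren

ICS Security Tools Series 3.3: Network Traffic Inspection Tools by ourren

Control System Devices: An Overview of Architecture and Supply Channels by ourren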

Efficient and Flexible Discovery of PHP Application Vulnerabilities by ourren

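Report on Attack Campaigns by an International Cybercrime Group Targeting Financial Practitioners in Some East Asian Countries by ourren

Apache Struts Framework OGNL Injection Vulnerabilities Explained by Example by BaCde

Security Differences Between PHP7 and PHP5 by BaCde

A "Tedious" Method for Bypassing Windows Defender by BaCde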

Java Serialization Objects (JSO): An Exploitation Guide by re4lity

How to Detect an Intruder-driven Group Policy Changes by re4lity

SigintOS: A Wireless Pentest Distro Review by re4lity

A-Detector: An anomaly-based intrusion detection system. by re4lity

Reflected XSS in SolarWinds Database Performance Analyzer by re4lity

Android app deobfuscation using static-dynamic cooperation by re4lity

Avira VPN Elevation of Privilege by re4lity

Vulnerability hunting with Semmle QL, part 2 by re4lity

Vulnerability hunting with Semmle QL, part 1 by re4lity

CVE-2018-17057 yet another phar deserialization in TCPDF by re4lity

OOB-Server: A Bind9 server for pentesters to use for Out-of-Band vulnerabilities by re4lity

An introduction to privileged file operation abuse on Windows by re4lity

Google Books X-Hacking by re4lity

Karta - source code assisted fast binary matching plugin for IDA by re4lity

CVE-2018-8024: Apache Spark XSS vulnerability in UI by re4lity

CVE-2019-5786 FileReader Exploit by re4lity


SecWiki News 2019-03-21 Review

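International Vendors Involved in Dark Web-Related Business by ourren

S&P 2019 (Part 4): Quick Overview of January-February Topics by ourren

Joint Extraction of Entities and Events Based on Generative Adversarial Imitation Learning by ourren

Bastion Host: Building iQIYI's Security Operations and Maintenance Platform for Large-Scale Servers by ourren

Analysis of a DriveTheLife (驱动人生) Sample by ourren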

Analysis of a Chrome Zero Day: CVE-2019-5786 by ourren

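New Mining Worm PsMiner Spreads Using Multiple High-Risk Vulnerabilities by mimblewimble

Ghidra: From XXE to RCE by ourren

.NET Advanced Code Auditing (Lesson 4): JavaScriptSerializer Deserialization Vulnerability by ourren

.NET Advanced Code Auditing (Lesson 3): Fastjson Deserialization Vulnerability by ourren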


SecWiki News 2019-03-20 Review

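.NET Advanced Code Auditing (Lesson 2): Json.Net Deserialization Vulnerability by ourren

.NET Advanced Code Auditing (Lesson 1): XmlSerializer Deserialization Vulnerability by ourren

A Brief Discussion of RASP Attack and Defense: The Basics by ourren

IoT-Implant-Toolkit: A Trojan Testing Tool for IoT Devices by ourren

Automatically Monitor Target Subdomains to Help You Find Bugs Faster: Sublert by BaCde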

Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifac by z3r0yu

Writing a Custom Shellcode Encoder by re4lity

Multiple Ways to Exploiting OSX using PowerShell Empire by re4lity

CVE-2019-5420 and defence-in-depth by re4lity

Exploiting OGNL Injection in Apache Struts by re4lity

Hamburglar: collect useful information from urls, directories, and files by re4lity

Awesome Node.js for penetration testers by re4lity

RCE in Slanger, a Ruby implementation of Pusher by re4lity

Denial of service in Facebook Fizz due to integer overflow (CVE-2019-3560) by re4lity

Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin. by re4lity

Development of a new Windows 10 KASLR Bypass (in One WinDBG Command) by re4lity

Red Team Telemetry: Empire Edition by re4lity

Java deserialization RCE in Tomcat cluster by re4lity

Finding and Exploiting .NET Remoting over HTTP using Deserialisation by re4lity

Discovering a zero day and getting code execution on Mozilla's AWS Network by re4lity

Check Point Forensic Files: A New Monero CryptoMiner Campaign by ourren

Analysis of Mobile Internet Security Risks and Hardening Strategies for Smart Door Locks by 几维安全

Securing Elasticsearch by ourren