360-CERT每日安全简报
Daily Security Briefing
2019-10-13 星期天
漏洞 Vulnerability
cve-2019-17059: CyberoamSSL VPN的RCE漏洞
https://thebestvpn.com/cyberoam-preauth-rce/
安全研究 Security Research
CVE-2019-9535 Iterm2命令执行的不完整复现
https://mp.weixin.qq.com/s/4KcpS4eNGQ8bL6DTM4K0aQ
从 Masscan, Zmap 源码分析到开发实践
https://paper.seebug.org/1052/
绕过像PRO这样的xss过滤器(xss高级方法)
https://medium.com/@Master_SEC/bypass-uppercase-filters-like-a-pro-xss-advanced-methods-daf7a82673ce
通过参数污染绕过IDOR
https://medium.com/@0xgaurang/case-study-bypassing-idor-via-parameter-pollution-78f7b3f9f59d
Lxd权限提升
https://www.hackingarticles.in/lxd-privilege-escalation/
红蓝对抗——加密Webshell“冰蝎”攻防
https://www.anquanke.com/post/id/187874
安全工具 Security Tools
0kee发布邮箱爆破工具CatchMail
https://github.com/0Kee-Team/CatchMail
Traxss-在Python3下的自动XSS漏洞扫描程序
https://www.kitploit.com/2019/10/traxss-automated-xss-vulnerability.html
DECAF-动态可执行代码分析框架
https://www.kitploit.com/2019/10/decaf-short-for-dynamic-executable-code.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn