360-CERT每日安全简报
Daily Security Briefing
2020-05-29 星期五
安全研究 Security Research
.NET中使用XPS文件执行CVE-2020-0605代码的分析
https://www.mdsec.co.uk/2020/05/analysis-of-cve-2020-0605-code-execution-using-xps-files-in-net/
从 Agent.BTZ 到 ComRAT v4 的十年发展历程
https://paper.seebug.org/1222/
设备指纹干扰与反干扰检测
https://www.freebuf.com/articles/web/235885.html
绕过WAF执行XSS
https://medium.com/bugbountywriteup/bypassing-waf-to-perform-xss-2d2f5a4367f3
都0202年了还在用的 - 各种姿势jsp webshell
https://xz.aliyun.com/t/7798
Bug Bounty:Keybase一键式RCE
https://www.shielder.it/blog/1-click-rce-on-keybase/
安全工具 Security Tools
Project iKy v2.6.0-从电子邮件收集信息并在漂亮的可视界面中显示结果的工具
https://www.kitploit.com/2020/05/project-iky-v260-tool-that-collects.html
Pivotnacci -一个通过HTTP代理建立连接的工具
https://www.kitploit.com/2020/05/pivotnacci-tool-to-make-socks.html
安全资讯 Security Information
美国银行是数据泄露的最新受害者
https://www.hackread.com/the-bank-of-america-victim-of-data-breach/
据称有4750万名Truecaller印度用户的数据在网上出售
https://www.hackread.com/47m-truecaller-indian-users-data-sold-online/
研究人员发现破坏了4800多个站点的巴西黑客主义者的身份
https://thehackernews.com/2020/05/brazilian-hacker-vandathegod.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn