360-CERT每日安全简报
Daily Security Briefing
2020-08-14 星期五
<<Previous
Next>>
漏洞
Vulnerability
Citrix Endpoint Management 多个高危漏洞通告
https://cert.360.cn/warning/detail?id=c90721afed448a76134344672230c3ae
CVE-2019-0230:Apache Struts2远程代码执行漏洞通告
https://cert.360.cn/warning/detail?id=d2b39f48fd31f3b36cc957f23d4777af
安全工具
Security Tools
Windows GDI fuzzer
https://github.com/math1as/Windows-GDI-fuzzer
Aurora:用于自动静态分析AFL fuzz出的Crash崩溃成因
https://github.com/RUB-SysSec/aurora#aurora-statistical-crash-analysis-for-automated-root-cause-explanation
ArcHeap:自动探测堆可利用的地方
https://github.com/sslab-gatech/ArcHeap
安全资讯
Security Information
【即将上线】ISC 2020网络空间测绘论坛:关注数字时代资产威胁与安全
https://mp.weixin.qq.com/s/TdohRaBgrWcI1yK9bUm_5Q
安全研究
Security Research
USENIX Security '20 会议各议题资料放出
https://www.usenix.org/conference/usenixsecurity20/technical-sessions
如何在WordPress 插件中挖掘SQL注入和CSRF
https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cross-site-request-forgeries-csrfs-in-wordpress-plugins-632dafc9cd2f
Fuzzing sockets part 2: 目标->FreeRDP
https://securitylab.github.com/research/fuzzing-sockets-FreeRDP
MMS Exploit Part 5:绕过Android 随机化,进行RCE
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating-aslr-getting-rce.html
eBPF学习网站
https://ebpf.io/
DEFCON 28 上关于破解特斯拉 Model3的Slide
https://www.slideshare.net/Kevin2600/hacking-tesla-model3-nfc-relay-revisited
xss payload 大全
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#onshow
恶意软件
Malware
与APT ReconHellcat 相关的BlackWater 恶意软件分析
https://quointelligence.eu/2020/08/blackwater-malware-leveraging-beirut-tragedy-in-new-targeted-campaign/
银行木马Mekotio 分析
https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/
APT lazarus /Dream-Job 组织 分析
https://github.com/blackorbird/APT_REPORT/blob/master/lazarus/Dream-Job-Campaign.pdf
<<Previous
Next>>