360CERT - 每日安全简报 (2020-08-14)

<<Previous Next>>

漏洞 Vulnerability

Citrix Endpoint Management 多个高危漏洞通告

https://cert.360.cn/warning/detail?id=c90721afed448a76134344672230c3ae

CVE-2019-0230:Apache Struts2远程代码执行漏洞通告

https://cert.360.cn/warning/detail?id=d2b39f48fd31f3b36cc957f23d4777af

安全工具 Security Tools

Windows GDI fuzzer

https://github.com/math1as/Windows-GDI-fuzzer

Aurora：用于自动静态分析AFL fuzz出的Crash崩溃成因

https://github.com/RUB-SysSec/aurora#aurora-statistical-crash-analysis-for-automated-root-cause-explanation

ArcHeap：自动探测堆可利用的地方

https://github.com/sslab-gatech/ArcHeap

安全资讯 Security Information

【即将上线】ISC 2020网络空间测绘论坛：关注数字时代资产威胁与安全

https://mp.weixin.qq.com/s/TdohRaBgrWcI1yK9bUm_5Q

安全研究 Security Research

USENIX Security '20 会议各议题资料放出

https://www.usenix.org/conference/usenixsecurity20/technical-sessions

如何在WordPress 插件中挖掘SQL注入和CSRF

https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cross-site-request-forgeries-csrfs-in-wordpress-plugins-632dafc9cd2f

Fuzzing sockets part 2: 目标->FreeRDP

https://securitylab.github.com/research/fuzzing-sockets-FreeRDP

MMS Exploit Part 5:绕过Android 随机化，进行RCE

https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating-aslr-getting-rce.html

eBPF学习网站

https://ebpf.io/

DEFCON 28 上关于破解特斯拉 Model3的Slide

https://www.slideshare.net/Kevin2600/hacking-tesla-model3-nfc-relay-revisited

xss payload 大全

https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#onshow

恶意软件 Malware

与APT ReconHellcat 相关的BlackWater 恶意软件分析

https://quointelligence.eu/2020/08/blackwater-malware-leveraging-beirut-tragedy-in-new-targeted-campaign/

银行木马Mekotio 分析

https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/

APT lazarus /Dream-Job 组织分析

https://github.com/blackorbird/APT_REPORT/blob/master/lazarus/Dream-Job-Campaign.pdf

<<Previous Next>>