360-CERT每日安全简报
Daily Security Briefing
2020-08-16 星期天
漏洞 Vulnerability
CVE-2020-1571 Windows安装程序特权提升
https://github.com/klinix5/Windows-Setup-EoP
Apache Solr信息泄露漏洞
https://www.openwall.com/lists/oss-security/2020/08/15/1
恶意软件 Malware
XCSSET Mac间谍软件通过Xcode Projects传播
https://securityaffairs.co/wordpress/107162/malware/xcsset-mac-malware.html
安全研究 Security Research
红队新思路:利用Windows调试框架在.NET进程内直接调用.NET方法
https://mp.weixin.qq.com/s/zz-sU6hz1GBatPj0yHUWdA
基于网络欺骗与浏览器指纹的WEB攻击溯源
https://www.freebuf.com/articles/web/245585.html
在Thymeleaf中利用SSTI
https://www.acunetix.com/blog/web-security-zone/exploiting-ssti-in-thymeleaf/
对PHP环境的攻击
https://srcincite.io/assets/out-of-hand-attacks-against-php-environments.pdf
安全工具 Security Tools
护网自动化脚本
https://mp.weixin.qq.com/s/uHNx28XFZ5M6KwykMC4Jsg
IoT-PT:渗透物联网设备的虚拟环境
https://securityonline.info/pentesting-iot-devices/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn