360-CERT每日安全简报
Daily Security Briefing
2020-08-17 星期一
漏洞 Vulnerability
【近期热点】代码审计 | PHPCMS V9 前台RCE挖掘分析
https://mp.weixin.qq.com/s/zLXJtekT9O3OuzwBLigMsA
【近期热点】通达OA 2015-2017版本漏洞
https://web.archive.org/web/20200817040018/http://www.hackdig.com/08/hack-111538.htm
安全工具 Security Tools
xssmap:快速检测Web应用程序中的XSS漏洞的工具
https://github.com/Jewel591/xssmap
安全报告 Security Report
SANS分享有关导致其数据泄露的攻击的详细信息
https://www.bleepingcomputer.com/news/security/sans-shares-details-on-attack-that-led-to-their-data-breach/
安全事件 Security Incident
朝鲜黑客组织袭击以色列国防工业
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html?referringSource=articleShare
安全资讯 Security Information
Docker 禁止被列入美国“实体名单”的国家、企业、个人使用
https://www.anquanke.com/post/id/214277
安全研究 Security Research
Struts2 S2-059 漏洞分析
https://mp.weixin.qq.com/s/VyLiLrUV0yakh_lzTBYGyQ
Kibana CVE-2019-7609 RCE POC
https://github.com/kisec/CVE-2019-7609?fbclid=IwAR02m1XrcGDleYn8KzrjBRuIFNXzwJumhrYi2n7zSFeq9fvPk39FxPyAyWY
Electron代码审计:将开放重定向升级为远程代码执行
https://spaceraccoon.dev/open-sesame-escalating-open-redirect-to-rce-with-electron-code-review?pk_campaign=rss-feed
关于Cobalt Strike检测方法与去特征的思考
https://mp.weixin.qq.com/s/5MWDXN3eCaw9m-XHDGaXcQ
Windows NT的内核模式有效负载研究
https://zerosum0x0.blogspot.com/2020/08/sassykitdi-kernel-mode-tcp-sockets.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn