360-CERT每日安全简报
Daily Security Briefing
2020-12-05 星期六
漏洞 Vulnerability
CVE-2020-25649 FasterXML jackson-databind XXE漏洞
https://www.ehackingnews.com/2020/12/updated-malware-vietnamese-hacking.html?utm_source=dlvr.it&utm_medium=twitter
用友TurboCRM存在未授权访问漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-59799
NSA报告了最近披露的CVE-2020-4006 VMware零日漏洞
https://securityaffairs.co/wordpress/111928/security/vmware-zero-day-vulnerability.html
安全工具 Security Tools
Go365:Office365用户攻击工具
https://securityonline.info/go365-office365-user-attack-tool/
安全资讯 Security Information
数亿Android用户由于CVE-2020-8913遭受黑客攻击
https://securityaffairs.co/wordpress/111911/mobile-2/android-cve-2020-8913-flaw.html
安全研究 Security Research
Java安全之CC4链
https://www.sec-in.com/article/640
内网技巧-RDP劫持及利用hash登录
https://xz.aliyun.com/t/8574
红蓝对抗中的溯源反制实战
https://mp.weixin.qq.com/s/Dswz7lxNpW5yLxmWKtqY6Q
Cobalt Strike 4.0 认证及修补过程
https://rcoil.me/2020/11/%E3%80%90%E7%9F%A5%E8%AF%86%E5%9B%9E%E9%A1%BE%E3%80%91Cobalt%20Strike%204.0%E8%AE%A4%E8%AF%81%E5%8F%8A%E4%BF%AE%E8%A1%A5%E8%BF%87%E7%A8%8B/
浅谈蚁剑asp马和php马流量加密
https://www.anquanke.com/post/id/223784
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn