360-CERT每日安全简报
Daily Security Briefing
2020-12-06 星期天
漏洞 Vulnerability
Apache中mod_negotiation模块可能导致xss漏洞
https://github.com/orangetw/My-CTF-Web-Challenges#oStyle
安全工具 Security Tools
Oracle Database Attacking Tool
https://github.com/quentinhardy/odat
在红队行动中利用OSS进行文件传输的小工具
https://github.com/B1eed/OSSFileTool
安全事件 Security Incident
勒索软件团伙表示,他们从E-Land那里偷走了200万张信用卡
https://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/
全球数十国央行及证券机构软件供应商源代码遭泄露
https://www.secrss.com/articles/27596
恶意软件 Malware
android平台上出现的新的恶意软件 WAPDropper
https://research.checkpoint.com/2020/enter-wapdropper-subscribe-users-to-premium-services-by-telecom-companies/
安全研究 Security Research
CVE-2020-15257 Docker (容器逃逸)分析
https://bestwing.me/CVE-2020-15257-anaylysis.html
Dumping Memory with AV
https://www.archcloudlabs.com/projects/dumping-memory-with-av/
在 Cobaltstrike Artifact Kit中运用Syscalls
https://br-sn.github.io/Implementing-Syscalls-In-The-CobaltStrike-Artifact-Kit/
bypass AMSI
http://8sec.cc/index.php/archives/439/
攻防最前线:ATT&CK模型解读
https://www.freebuf.com/articles/ics-articles/254809.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn