360-CERT每日安全简报
Daily Security Briefing
2020-12-07 星期一
漏洞 Vulnerability
JAVA代码审计之因酷开源网校系统文件上传漏洞分析
https://xz.aliyun.com/t/8593
A 3D Printed Shell - CVE-2019-14450
https://www.securifera.com/blog/2020/12/02/a-3d-printed-shell/
.红队中易被攻击的一些重点系统漏洞整理
https://github.com/r0eXpeR/redteam_vul
安全工具 Security Tools
HTTP-revshell:一个能够绕过AMSI的PowerShell代理感知型反向Shell
https://github.com/3v4Si0N/HTTP-revshell
EHole(棱洞)-红队重点攻击系统指纹探测工具
https://github.com/ShiHuang-ESec/EHole
安全报告 Security Report
WebLogic漏洞最新情报:H2Miner双杀操作系统挖矿
https://www.freebuf.com/vuls/254488.html
安全研究 Security Research
Java 反序列化过程中 RMI JRMP 以及 JNDI 多种利用方式详解
https://paper.seebug.org/1420/
打比赛捣蛋的奇招妙想附脚本
https://xz.aliyun.com/t/8590
Beacon Stager listener 去特征
https://mp.weixin.qq.com/s/HibtLfikI_0ezcLVCRxqaA
恶意软件 Malware
新的 npm 恶意软件带有 Bladabindi 木马
https://paper.seebug.org/1421/
Ghimob银行木马分析
https://www.freebuf.com/articles/terminal/255139.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn