[每日信息流] 2024-07-22

[chainreactorbot]

每日安全资讯（2024-07-22）

• Recent Commits to cve:main
  • [ ] Update Sun Jul 21 22:23:46 UTC 2024
  • [ ] Update Sun Jul 21 14:28:28 UTC 2024
  • [ ] Update Sun Jul 21 06:32:23 UTC 2024
• Jiajun的技术笔记
  • [ ] 编程语言中的 context 是什么？
• Doonsec's feed
  • [ ] 水文
  • [ ] 查理·芒格留下的思考
  • [ ] 对不起，CrowdStrike哥，刚才外面人多
  • [ ] 使用机器学习算法实现url日志检测功能
  • [ ] WPF 中某元素执行旋转动画时另一元素如何进行跟随
  • [ ] Webpack加密算法逆向
  • [ ] 第十七课 分析大规模入侵
  • [ ] 常态化HW猜测
  • [ ] 速报：某EDR产品服务端RCE 0day漏洞临时加固方案
  • [ ] 【资料】大规模监视和社交媒体正在改变间谍游戏-美国机密情报释放的内幕
  • [ ] 应急靶场(8)：【玄机】常见攻击事件分析--钓鱼邮件
  • [ ] 基线核查是什么？基线核查工具推荐——WBA、GoLin
  • [ ] 汇编中基本的机器指令和数据类型
  • [ ] 基于前端vue框架的扫描工具
  • [ ] 威胁情报周报（7.15~7.21）
  • [ ] 渗透测试之钉钉AK/SK接口调用
  • [ ] 漏洞利用小工具V1.3更新
  • [ ] 秦安：暂停与美军控与防扩散磋商，硬起来才能强起来，有三个挂钩
  • [ ] 王常胜：财富归美国、岛屿交大陆，特朗普上台后台湾的归宿
  • [ ] 秦安：拜登新冠阳性，是退选的体面理由吗？
  • [ ] 德勤：320页PPT集团IT蓝图总体规划方案
  • [ ] SeaMoon！一款云渗透工具集
  • [ ] 记某智慧云平台越权信息泄露SessionKey篡改 任意用户登录漏洞
  • [ ] 红队安全攻防知识库
  • [ ] 【CobaltStrike】OneCS 4.9 尊享版（自破解+二开+BUG修复）
  • [ ] [Hacker101靶场] HackyholidaysCTF-2[moderate]
  • [ ] 安全行业，跳槽成功的只是少数人，属于低概率事件
  • [ ] 针对安全汽车引导加载程序的模糊故障注入攻击
  • [ ] CAN模糊测试 - 增强现代互联汽车（包括即将推出的自动驾驶汽车）的通信鲁棒性 Bosch
  • [ ] 大陆集团如何利用模糊测试和 ASPICE 实现网络安全，以符合 ISO 21434 标准
  • [ ] 愿天常生好人，愿人常做好事
  • [ ] 【漏洞预警】WooCommerce - Social Login数据篡改漏洞（CVE-2024-6636）
  • [ ] 【要闻】中共中央关于进一步全面深化改革u3000推进中国式现代化的决定
  • [ ] 【资讯】国家知识产权局就《专利纠纷行政裁决和调解办法（征求意见稿）》公开征求意见
  • [ ] 【资讯】杭州市政府办公厅发布《关于高标准建设“中国数谷”促进数据要素流通的实施意见》
  • [ ] CrowdStrike导致大规模系统崩溃事件的技术分析
  • [ ] 知识星球 | 2024年网络安全有哪些重要趋势？企业数据资产如何入表？
  • [ ] 8500000 台 Windows 蓝屏：逻辑错误是根因
  • [ ] 撬开芯片的大门：故障注入实战培训
  • [ ] 工控系统安全资源精选库：保护关键基础设施的必备工具与策略
  • [ ] 聊聊关于Havoc相对于CobaltStrike的评测
  • [ ] 【安全圈】跨境“黑客”偷梁换柱，山东警方成功追回9000美元！
  • [ ] 【安全圈】涉案金额超5700万，非法获取公民信息11.75万条！25人出庭受审
  • [ ] 【安全圈】“手把手”教老人做跨境电商赚大钱？
  • [ ] 【安全圈】迪士尼遭黑客入侵超1TB资料外泄，外泄资料涉及项目计划和财务数据
  • [ ] 奏乐 起~
  • [ ] 这个工具扫一扫，就能看你电脑能不能蓝屏
  • [ ] 什么安全软件 让电脑蓝屏 让股价大跌 其原因竟然是所谓的点鼠标的猴子
  • [ ] 美国陆军制定未来战术无人机的发展计划
  • [ ] 议题征集 | 第八届安全开发者峰会 - SDC 2024
  • [ ] HITCON CTF 2024 re AntiVirus wp clamav bytecode signature逆向
  • [ ] 汽车诊断及OBD和UDS协议的基础概念介绍
  • [ ] 内网渗透-域信任关系
  • [ ] 2024中关村论坛系列活动——第二届北京数字安全大会顺利召开
  • [ ] 蓝屏不会是最后一次：盘点杀毒软件反杀操作系统的历史和警惕钓鱼网站
  • [ ] 服务器被黑客攻破了，拿安全祭天
  • [ ] CISP-IRE/IRS应急响应双认证
  • [ ] 从 PE 资源加载和执行 shellcode
  • [ ] 多家银行新设数据管理部，数据治理与安全工作仍是难题
  • [ ] 日志信息为啥要保存180天
  • [ ] 用友U8 CRM 文件上传致RCE漏洞
  • [ ] 译安 | CrowdStrike发布最新技术细节，具体原因仍在调查
• unSafe.sh - 不安全
  • [ ] USENIX Security ’23 – How Fast Do You Heal? A Taxonomy For Post-Compromise Security In Secure-Channel Establishment
  • [ ] Can AI Revolutionize the Efficiency of Algo Execution in Institutional Trading?
  • [ ] Security Affairs Malware Newsletter – Round 3
  • [ ] Unveiling Your Improved Profile and About Page Statistics
  • [ ] From Business Mindset to Creativity
  • [ ] My Furry Blog Has Lasted Longer Than the Confederacy
  • [ ] The Critique of Pure Reason: Understanding Cyber Security Epistemology Through Kantian Philosophy
  • [ ] Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION
  • [ ] 阿里云盘「已限速」！看视频卡成狗，需开通第三方权益包…
  • [ ] Bloccati sistemi per un aggiornamento CrowdStrike (Microsoft)
  • [ ] Come l’FBI ha tentato di intercettare Telegram
  • [ ] Weekly Update 409
  • [ ] U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog
  • [ ] 多名用户发现WPS疑似将文档共享给字节豆包训练AI WPS否认但没拿出证据
• Twitter @Nicolas Krassas
  • [ ] Beware Grand Theft Auto Fans! Fake GTA VI Beta Download Spreads Malware https://hackread.com/grand-theft-auto-fake-gta-vi-beta-download-malware/
  • [ ] RT grayhatwarfare: The latest public buckets update is out! We now have a database of 465,467 (+1000) buckets, 325271 s3 buckets, 56330 open Azure con...
  • [ ] (Old) List of Awesome Red Teaming Resources https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
  • [ ] Awesome-Red-Team-Operation https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations
  • [ ] Re @RonnyTNL It's {} I had to type it in haste.
  • [ ] HTB: Headless https://0xdf.gitlab.io/2024/07/20/htb-headless.html
  • [ ] Ropdump: Your Arsenal for Uncovering ROP Gadgets and Binary Vulnerabilities https://meterpreter.org/ropdump-your-arsenal-for-uncovering-rop-gadgets-an...
  • [ ] Threat actors attempted to capitalize CrowdStrike incident https://securityaffairs.com/165953/malware/threat-actors-capitalize-crowdstrike-incident.ht...
  • [ ] Cybercriminals Exploit Swap Files: New E-commerce Skimming Tactic https://securityonline.info/cybercriminals-exploit-swap-files-new-e-commerce-skimmin...
  • [ ] BlueToolkit: The Extensible Framework for Bluetooth Security Testing https://meterpreter.org/bluetoolkit-the-extensible-framework-for-bluetooth-securi...
• SecWiki News
  • [ ] SecWiki News 2024-07-21 Review
• Security Boulevard
  • [ ] USENIX Security ’23 – How Fast Do You Heal? A Taxonomy For Post-Compromise Security In Secure-Channel Establishment
  • [ ] The Critique of Pure Reason: Understanding Cyber Security Epistemology Through Kantian Philosophy
• Private Feed for M09Ic
  • [ ] skelsec released 0.6.10 at skelsec/pypykatz
  • [ ] CCob forked CCob/chlonium from rxwx/chlonium
  • [ ] Ak74-577 starred FunnyWhaleDev/AlterLoadDll
  • [ ] 4ra1n starred Storyyeller/enjarify
• MaskRay
  • [ ] Mapping symbols: rethinking for efficiency
• gynvael.coldwind//vx.log (en)
  • [ ] Solving Hx8 Teaser 2 highlight videos!
• modexp
  • [ ] Shellcode: Modular Exponentiation for Diffie-Hellman Key Exchange.
• Dhole Moments
  • [ ] Featured Furries
  • [ ] My Furry Blog Has Lasted Longer Than the Confederacy
• Source Incite
  • [ ] JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory
• 奇安信 CERT
  • [ ] CrowdStrike导致全球性IT基础设施中断事件分析报告
• 黑奇士
  • [ ] 为什么有些爱阅读的孩子，作文却写不好？
• 情报分析师
  • [ ] 如何通过肢体语言预判潜在的谋杀意图
  • [ ] 暗网综合手册2024
• 极客公园
  • [ ] 微软「蓝屏」致巴黎奥运证件激活暂停；业绩下滑，优衣库称中国消费者心态变了；迪士尼展示「瓦力机器人」 | 极客早知道
• 甲方安全建设
  • [ ] 「推安早报」0721 | apache2个检测poc公开
• IT Service Management News
  • [ ] Bloccati sistemi per un aggiornamento CrowdStrike (Microsoft)
• Luca Mercatanti
  • [ ] Come l’FBI ha tentato di intercettare Telegram
• Troy Hunt's Blog
  • [ ] Weekly Update 409
• TorrentFreak
  • [ ] Z-Library: More Domains Seized Than Any Other Pirate Site in History
• Security Affairs
  • [ ] Security Affairs Malware Newsletter – Round 3
  • [ ] Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION
  • [ ] U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog
• Information Security
  • [ ] Framework for risks arising due to use of AI in supply chain / third parties etc
• Computer Forensics
  • [ ] Pagefile.sys help
• Your Open Hacker Community
  • [ ] Password protected file INSIDE a rar bruteforce
• The Register - Security
  • [ ] CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes
• Blackhat Library: Hacking techniques and research
  • [ ] How do I find out someone’s email that they’re using on social media?
  • [ ] gmail - for $