diff --git a/results/2025-09-17.md b/results/2025-09-17.md index 24ac02f..b81d525 100644 --- a/results/2025-09-17.md +++ b/results/2025-09-17.md @@ -3,7 +3,7 @@ > 本文由AI自动生成,基于对安全相关仓库、CVE和最新安全研究成果的自动化分析。 > -> 更新时间:2025-09-17 04:32:26 +> 更新时间:2025-09-17 08:37:20 @@ -11,51 +11,78 @@ ### 🔍 漏洞分析 -* [Citrix 修复了零日攻击中利用的严重 NetScaler RCE 漏洞](https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247493548&idx=1&sn=53f6ab5cc4656b4199f068dff316226e) -* [轻量高效的漏洞情报平台系统|漏洞情报包含:组件漏洞 + 软件漏洞 + 系统漏洞|bug_search](https://mp.weixin.qq.com/s?__biz=Mzg3ODE2MjkxMQ==&mid=2247494779&idx=1&sn=248962b62dcd260a8e17617c76eadfc2) -* [dify upload存在SSRF漏洞 附POC](https://mp.weixin.qq.com/s?__biz=MzIxMjEzMDkyMA==&mid=2247489165&idx=1&sn=2d82103234b65a44b2395d861c30af7f) -* [基础软硬件产品漏洞治理生态大会成功举办](https://mp.weixin.qq.com/s?__biz=MzAxODY1OTM5OQ==&mid=2651463614&idx=1&sn=65bc2637b549a0d4da74bbbcc65b913b) -* [算法推荐盯着 “OTP 绕过”“名人堂” 等关键词疯狂推流!!!](https://mp.weixin.qq.com/s?__biz=MzI0NjE1NDYyOA==&mid=2247485906&idx=1&sn=28e30a3b82f27a8f0edc98fdefa7906d) -* [用友U8 Cloud系统VouchFormulaCopyAction方法SQL注入漏洞分析](https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247523801&idx=1&sn=f633b404a77e017074fb710df966bc71) +* [基础 | 内网渗透,一键拿下域控的两个漏洞](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247500238&idx=1&sn=dd21fbd4367cbde5ce8768f4b86ed92e) +* [.NET内网实战:通过 VisualUiaVerifyNative 反序列化漏洞执行命令](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247500604&idx=2&sn=e319c7f7bf4864cfb19fa6e576c4693c) +* [喜讯 | 金盾检测获CNVD“国家级”双项认证,原创漏洞发现获突出贡献奖!](https://mp.weixin.qq.com/s?__biz=MzI5NjA4NjA3OA==&mid=2652103142&idx=1&sn=304ccd1b0bed7c6f7306f1985bca4160) +* [漏洞预警 | GitLab Webhook SSRF漏洞](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494470&idx=1&sn=0884e7c975ad9fd02ddeafdad9f0c63f) +* [漏洞预警 | MetaCRM客户关系管理系统任意文件上传漏洞](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494470&idx=2&sn=3f203b8d04238076af64f2bf08de00ee) +* [漏洞预警 | 金和OA SQL注入和XXE漏洞](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494470&idx=3&sn=f1cae62f32759d7bf93fa2567f2f26e8) +* [工具 | CVE_PushService](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494470&idx=4&sn=fbab69cfe06c557116893d278a9be0b3) +* [孚盟云CRM AjaxContractList.ashx接口存在SQL注入漏洞 附POC](https://mp.weixin.qq.com/s?__biz=MzIxMjEzMDkyMA==&mid=2247489178&idx=1&sn=961510d3b69cebb18effb34e4550c555) ### 🔬 安全研究 -* [Arkime:开源网络分析和数据包捕获系统](https://mp.weixin.qq.com/s?__biz=MzA5MzU5MzQzMA==&mid=2652118381&idx=1&sn=cf097789a609add24cb195fb0a3f1322) -* [欢迎报名丨《原材料行业工业智能体研究报告》征集联合起草单位](https://mp.weixin.qq.com/s?__biz=MjM5NzYwNDU0Mg==&mid=2649254390&idx=2&sn=9853dc78485cbf6bb5c2cfd2d763180c) -* [以色列内塔尼亚胡争议言论技术分析与解读:技术威胁、全球恐慌与手机安全](https://mp.weixin.qq.com/s?__biz=MzE5MTE5MTA0NQ==&mid=2247483678&idx=1&sn=60a3bd024367e8ea5dc86781f3a4477e) +* [2025年在华外商企业云计算服务采用研究报告](https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655291708&idx=2&sn=a30f48f283d04a40b1a606039636670c) ### 🎯 威胁情报 -* [针对SSH隧道APT攻击的可落地威胁检测方案](https://mp.weixin.qq.com/s?__biz=Mzg3NTUzOTg3NA==&mid=2247516406&idx=1&sn=879f7038962f1502a932206be885165f) -* [MacOS平台新型虚拟货币窃密木马分析](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247493368&idx=1&sn=9e285dbcf7052cc44d712663d601eb45) +* [Windows ETW日志检测高级威胁](https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655291708&idx=1&sn=29102e3463d0df3b013c2c2ce5fce59a) +* [黑客窃取古驰、巴黎世家与亚历山大·麦昆数百万客户数据](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494800&idx=1&sn=8d2fc3b2b0a5c6988faa36a40be28d44) +* [处理主页绑定木马](https://mp.weixin.qq.com/s?__biz=Mzk0MTI4NTIzNQ==&mid=2247495063&idx=1&sn=300c111d934ad74e2d6e544e9a9c1605) ### 🛠️ 安全工具 -* [3.4k下载量的VscanPlus - 内外网漏洞扫描工具更新归来!](https://mp.weixin.qq.com/s?__biz=MzkzMzE5OTQzMA==&mid=2247488777&idx=1&sn=cecbaee3194b03513f55393111c3a2e5) +* [红队视角下的 IIS 资产速查工具 Sharp4WebManager v2.0 增强版](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247500604&idx=1&sn=33101f91ad403b552ba0b3240cfc8092) +* [CS4.10中后渗透工具的开发](https://mp.weixin.qq.com/s?__biz=Mzk2NDg3NTc1Mg==&mid=2247484742&idx=1&sn=2984e4a46297a427c9b8e21edde2a38b) +* [带你解锁编码新世界!-随波逐流CTF编码工具使用教程114 -关键字密码(Keyword Cipher)](https://mp.weixin.qq.com/s?__biz=MzU2NzIzNzU4Mg==&mid=2247491172&idx=1&sn=911211b1384955a827ea9cc58c85be4c) +* [记一次某SRC上某APP的测试](https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247513856&idx=1&sn=b9ade3e7622a70b66444898ff0eb963c) +* [Nmap图形化扫描工具 | 集成资产定期监控功能](https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247495229&idx=1&sn=2c816bbfd539b9302b4bd8eb50ef740f) +* [迷你天猫商城Tmall_demo代码审计练习合集](https://mp.weixin.qq.com/s?__biz=Mzg4NTg5MDQ0OA==&mid=2247488687&idx=1&sn=ac439f61ede770c75fc9eb976232c03e) +* [Nmap与Wireshark选择正确的网络渗透测试工具](https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247501679&idx=1&sn=7be2c3ad5dd12e527ef6688bdfa0e44f) ### 📚 最佳实践 -* [40分钟从获得初始权限到域管权限,管理员裤衩子都被骗光了](https://mp.weixin.qq.com/s?__biz=MzU4NDY3MTk2NQ==&mid=2247491930&idx=1&sn=56364d813ae526dd285cd5f20f41f063) +* [从零部署iMC Portal认证:SQLServer配置 + 虚拟机验证,一步步教你搞定](https://mp.weixin.qq.com/s?__biz=MzI4NjAzMTk3MA==&mid=2458861548&idx=1&sn=52bc31eb755851e876fafb2f69a22f93) +* [《PVE集群节点管理:安全添加与强制移除操作指南》](https://mp.weixin.qq.com/s?__biz=MzU2MjU2MzI3MA==&mid=2247484914&idx=1&sn=2243422bd65c5adf63fe13629844f8c0) +* [网安标委三项网络安全标准实践指南发布](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247498929&idx=4&sn=e0f3946f19fbc192674b083125d73b81) +* [发布《国家网络安全事件报告管理办法》](https://mp.weixin.qq.com/s?__biz=Mzg5OTg5OTI1NQ==&mid=2247491820&idx=1&sn=9ab6e9f6588a3a41955404c31f82347b) +* [SDL 94/100问:针对开发安全管理的面试,一般都会问哪些问题?](https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247487242&idx=1&sn=f4b36159a544df2a940275b73e14dc39) ### 🍉 吃瓜新闻 -* [2025网安周 | 启明星辰董事长袁捷出席网络安全企业家座谈会](https://mp.weixin.qq.com/s?__biz=MzA3NDQ0MzkzMA==&mid=2651734262&idx=1&sn=2e8d6705dc523005dac8b61d7845fe9d) +* [源码交付 ThingsKit 2.0 企业级物联网平台,支持MQTT、Modbus协议,集成Node-RED引擎,低代码组态大屏](https://mp.weixin.qq.com/s?__biz=MjM5OTA4MzA0MA==&mid=2454939938&idx=1&sn=b9ccb075950de30f8f5b8a5563f635f4) +* [用AI写代码爽歪歪?小心!一个git clone就可能让你代码库和密钥全泄露!](https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447901358&idx=1&sn=8cbc569226ac16f18ce73f97815051b8) +* [Petya重现!2025年最值得警惕的勒索软件,连UEFI安全启动都防不住了?](https://mp.weixin.qq.com/s?__biz=Mzk1NzM4NzMyMw==&mid=2247485048&idx=1&sn=4522dd025711d63d242bdf5ac61dc0ef) +* [谷歌确认执法门户网站遭“Scattered Lapsus$ Hunters”入侵,但未获取任何数据](https://mp.weixin.qq.com/s?__biz=MzU5MjgwMDg1Mg==&mid=2247486830&idx=1&sn=58a7006f9c0069e91a78d39c8c0fc806) +* [安全设备篇——数据库弱点扫码器](https://mp.weixin.qq.com/s?__biz=MzkwNzM5NDk4Mw==&mid=2247484308&idx=1&sn=3258c9edcbd43ffb6a8a5681a846fc9f) +* [国家网信办发布近期网络安全、数据安全、个人信息保护相关执法典型案例](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247498929&idx=1&sn=c87861d1e266a6ab87a771e8870e81db) +* [《数据安全国家标准体系(2025版)》《个人信息保护国家标准体系(2025版)》](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247498929&idx=2&sn=cc00f312b47fb438961a2a7e34d6b94d) +* [FinWise银行内部违规事件致68.9万名AFF客户数据泄露](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494800&idx=2&sn=c19cc4c6103e88f5ed952c2cfb2cbb74) +* [Fairmont联邦信用合作社2023年数据泄露事件影响18.7万人](https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247494800&idx=3&sn=1c2926919992822fab55c8d3a8a0d76b) ### 📌 其他 -* [CDN也会“反水”为DDOS?揭秘CDN回源策略风险](https://mp.weixin.qq.com/s?__biz=MzU0NDI5NTY4OQ==&mid=2247486459&idx=1&sn=67aa28f65b840b30df3a81c32fd73e2e) -* [买房赢麻106平送34平](https://mp.weixin.qq.com/s?__biz=MzkwMzI1ODUwNA==&mid=2247488255&idx=1&sn=316b28f70a204a667af2135457ad9f45) -* [分享图片](https://mp.weixin.qq.com/s?__biz=MzI3Njc1MjcxMg==&mid=2247496371&idx=1&sn=d3472bd5dbae890a23dceaed9eb68b19) -* [独家BOF插件 | 无文件落地+内存执行一键关闭Defender](https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247495872&idx=1&sn=ded21d3adeb87ef27bafe67ca4481269) -* [科技名词|网络隐私权](https://mp.weixin.qq.com/s?__biz=MzA5MzU5MzQzMA==&mid=2652118381&idx=2&sn=56a43d6a1e5632459e1118b9e15025f3) -* [网络安全宣传周](https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247501677&idx=1&sn=698ad6eb240c03f30a76a7e5df192f6b) -* [网络安全知识宣传手册](https://mp.weixin.qq.com/s?__biz=MzUzMDgwMjY1Mg==&mid=2247485861&idx=1&sn=6dba95c11dd2eb80f27927336ce44310) -* [吕后,首位保护女性权益的统治者](https://mp.weixin.qq.com/s?__biz=MzkwMzI1ODUwNA==&mid=2247488250&idx=1&sn=ed9a6fcce533f8aac360c5a5d77ce77b) -* [Suricata规则格式](https://mp.weixin.qq.com/s?__biz=MzI2MDI0NTM2Nw==&mid=2247490701&idx=1&sn=3b8ba492ecdae9ee4af72950d63c8d04) -* [成果发布 2025大模型服务性能排行榜发布](https://mp.weixin.qq.com/s?__biz=MjM5NzYwNDU0Mg==&mid=2649254390&idx=1&sn=a128b7f381c195a30d4d6f0524dfbe7b) -* [红队利器Dshell更新:从生成Shellcode到上线全程无压力](https://mp.weixin.qq.com/s?__biz=Mzk0OTY1NTI5Mw==&mid=2247494619&idx=1&sn=f2177a8126ede87e00a157c45d40a0f9) -* [不蒸馒头,争口气](https://mp.weixin.qq.com/s?__biz=MzUzNjkxODE5MA==&mid=2247493824&idx=1&sn=9cea216cc8ed79ee42130356b05b9f70) -* [逍遥网络安全培训以及最近发生的事情](https://mp.weixin.qq.com/s?__biz=Mzk0NTc2MTMxNQ==&mid=2247484845&idx=1&sn=87a4cda9e6a743b07476554789728c7e) +* [.NET 本地提权,通过系统进程令牌模拟实现权限提升](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247500604&idx=3&sn=d806a65f7131563837c46733c918a72c) +* [九歌音乐播放器v2.0.1更新](https://mp.weixin.qq.com/s?__biz=MzA4MjkzMTcxMg==&mid=2449047647&idx=1&sn=83857e408dda0b4b96331b334cd36c05) +* [顺心借JAVA网站重构详细版(服务器取证基础考点+检材+题目+重构视频)](https://mp.weixin.qq.com/s?__biz=Mzg3NTU3NTY0Nw==&mid=2247490116&idx=1&sn=a2456a0f9486b421398fd195dddb25b1) +* [智慧法院密码安全:筑牢司法数字化转型的安全基石](https://mp.weixin.qq.com/s?__biz=MzA3NDUzMjc5Ng==&mid=2650204003&idx=1&sn=11eed1e88eefcc4cd86b61be13887fd6) +* [威努特为化工园区打造安全高效的智控平台](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651135627&idx=1&sn=40b18fed8b9fafb039b4e9247e9a46c8) +* [国家网安周重磅发布《政务大模型应用安全规范》,永信至诚深度参与标准编写工作](https://mp.weixin.qq.com/s?__biz=MzAwNDUyMjk4MQ==&mid=2454831883&idx=1&sn=670e53a1375725cf330c1ea27b869919) +* [NCCA 2025 信息系统应用与安全专题会议在京成功举办](https://mp.weixin.qq.com/s?__biz=MzI0NjU2NDMwNQ==&mid=2247505878&idx=1&sn=4a3bc849029437da70fc690beb97be1f) +* [学术年会 | 2025年网络空间安全学术会议征文通知](https://mp.weixin.qq.com/s?__biz=MzI0NjU2NDMwNQ==&mid=2247505878&idx=2&sn=af150891c4ed0b6d47e76349e0e925b3) +* [学术年会 | 2025年网络空间安全学术会议专题会议征集通知](https://mp.weixin.qq.com/s?__biz=MzI0NjU2NDMwNQ==&mid=2247505878&idx=3&sn=17ab62db4f5e2ecbe9ce9a73adcea882) +* [奇安信、深信服、锐捷、大华四家offer怎么选](https://mp.weixin.qq.com/s?__biz=MzkwNjY1Mzc0Nw==&mid=2247489480&idx=1&sn=f580a7538dba2bb251e1d00012884622) +* [100条华为设备CLI高频核心命令,考证必背!](https://mp.weixin.qq.com/s?__biz=MzIyMzIwNzAxMQ==&mid=2649470726&idx=1&sn=4eb3d359b8c1a90414320deed5f0a91c) +* [湖南金盾助力湖南省2025年国家网络安全宣传周活动](https://mp.weixin.qq.com/s?__biz=MzIyNTI0ODcwMw==&mid=2662129640&idx=1&sn=dfefc7f1cbc7d707789a9eb373f15efe) +* [AI+安全,到底怎么+ ? 看看头部安全厂商的首发阵容](https://mp.weixin.qq.com/s?__biz=MzU3NDY0NDAxMw==&mid=2247484788&idx=1&sn=5e7d5ac2e0a0430a918f9ef41517030e) +* [“打不过就加入”网约车作弊器背后的黑产覆灭记](https://mp.weixin.qq.com/s?__biz=MzIxOTM2MDYwNg==&mid=2247518275&idx=1&sn=ead8e1ce1f11c8adf357493f8e3de8f6) +* [一篇文章 教会女盆友什么是信息收集!](https://mp.weixin.qq.com/s?__biz=MzU2MjU2MzI3MA==&mid=2247484914&idx=2&sn=ee52c5c996980b3bc13ee2adaeeedd51) +* [推荐一款JS敏感信息离线提取利器](https://mp.weixin.qq.com/s?__biz=MzkxMjg3NzU0Mg==&mid=2247486360&idx=1&sn=e647221e25e1805952bab8b522e3a903) +* [2025年国家网络安全宣传周|了解网络安全知识](https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484303&idx=1&sn=c2e186871b5999ea79f744d665723c2c) +* [秦安:危险的信号!再谈美政治网红、特朗普盟友,被枪杀至少三重原因,有人已恐慌](https://mp.weixin.qq.com/s?__biz=MzA5MDg1MDUyMA==&mid=2650481331&idx=1&sn=7c9891cb7498012b290caae700b1d264) +* [秦安:日本三宗罪极度嚣张!国防部警告绝不允许军国主义死灰复燃](https://mp.weixin.qq.com/s?__biz=MzA5MDg1MDUyMA==&mid=2650481331&idx=2&sn=7fd4641faffbf2bc95bfc101c252429f) +* [秦安:以色列72小时内袭击6国,胡塞武装要卡塔尔五千亿灭以色列](https://mp.weixin.qq.com/s?__biz=MzA5MDg1MDUyMA==&mid=2650481331&idx=3&sn=2a31a5cdb19c2055ecff0d315a8d9528) +* [三大行业的安全防线:医疗、金融、制造业信息安全风险深度盘点](https://mp.weixin.qq.com/s?__biz=Mzg4NDc0Njk1MQ==&mid=2247487565&idx=1&sn=824bc0133a1017c662f7869294bca9b6) ## 安全分析 (2025-09-17)