SecWiki Weekly (Issue 269) – Author: SecWiki

Security News

[News]  China Cybersecurity Industry Classification and Landscape Map, 2019 H1

https://mp.weixin.qq.com/s/4O_4MvLVma_9uEQO4IU14g

[Regulations]  Landscape Map of Autonomous and Controllable Technology Policies

https://mp.weixin.qq.com/s/1AMEdl_YMXt0jjHl5RYP3A

[Video]  2019 West Lake Cybersecurity Conference: Academicians' Roundtable Video

https://mp.weixin.qq.com/s/XO38NB5whYHxcr9RaoBFXw

[Opinion]  A Study of Policy Expert Reserves and Talent Attraction Mechanisms at Top US Think Tanks: The Case of the RAND Corporation

https://mp.weixin.qq.com/s/0N8vOoO2B6a79XGG5I-j0w

Security Technology

[Web Security]  WebLogic Deserialization Remote Command Execution Vulnerability (CNVD-C-2019-48814)

https://nosec.org/home/detail/2514.html

[Web Security]  Another Tomcat Penetration Getshell Technique

https://www.ch1ng.com/blog/147.html

[Web Security]  7kbscan-WebPathBrute: A Web Path Brute-Force Discovery Tool

https://github.com/7kbstorm/7kbscan-WebPathBrute

[Malware Analysis]  Common Windows Backdoors, Persistence Methods, and Investigation Techniques

https://xz.aliyun.com/t/4842

[Device Security]  HiSilicon DVR Hacking Notes

https://xz.aliyun.com/t/4840

[Forensics]  How I Tracked Down the Operator Behind a Remote Access Trojan

https://www.freebuf.com/vuls/200895.html

[Web Security]  A First Experience with Code Auditing

https://mp.weixin.qq.com/s/yv6JQJFQSvIeJU2Z0Pn0ZA

[Malware Analysis]  A Complete Analysis of the APT34 Attacks

http://blog.nsfocus.net/apt34-event-analysis-report/

[Forensics]  LinuxCheck: A Linux Information-Gathering Script

https://github.com/al0ne/LinuxCheck

[Operations Security]  Case Study of a Linux Intrusion Investigation

https://mp.weixin.qq.com/s/ZnQuboW4jLSBz_9pEFIPxg

[Web Security]  Bypassing XSS Detection Mechanisms

https://www.cnblogs.com/xsserhaha/p/10743671.html

[Vulnerability Analysis]  VTest – A Vulnerability Testing Assistance System

https://github.com/opensec-cn/vtest

[Malware Analysis]  Analysis of the Leaked APT34 Tools: PoisonFrog and Glimpse

https://mp.weixin.qq.com/s/gYUCTLi2GpmatGOcRODZwA

[Other]  How to Bypass the Failed-Logon Count Limit for Domain Accounts

https://nosec.org/home/detail/2510.html

[Web Security]  CaidaoMitmProxy: Relaying Caidao (China Chopper) Through an HTTP Proxy to Bypass WAFs

https://www.ch1ng.com/blog/173.html

[Forensics]  IP Geolocation: Reverse Tracing a Visitor's Real Identity for Investigation and Forensics

https://lcx.cc/post/4595/

[Malware Analysis]  An Open-Source Tool for Detecting Obfuscated PowerShell, CMD, and Bash Commands

https://github.com/We5ter/Flerken

[Data Mining]  How Is Follower and Engagement Inflation on Social Networks Technically Implemented?

https://www.infoq.cn/article/ceDbB*8IpzJrwyIJ8v1J

[Data Mining]  A Global Measurement and Analysis of DDoS Reflection Amplification Attacks

https://paper.seebug.org/898/

[Competition]  DDCTF2019: Partial Writeup and Approaches

http://phantom0301.cc/2019/04/19/ddctf2019/

[Wireless Security]  RD-10 RF Detector: Chinese Manual for a Hidden Camera Detector

https://mp.weixin.qq.com/s/Q12ScpUctVqg7aC3BRVLeg

[Web Security]  Learning from VulnHub Machines: Fristileaks Walkthrough Notes

https://mp.weixin.qq.com/s/QnTjOKqhLhP0TxcJ8CkszQ

[Vulnerability Analysis]  Analysis of Drupal 1-click to RCE

https://lorexxar.cn/2019/04/19/drupal-1-click-rce/

[Competition]  2019-DDCTF-WEB-WriteUp

https://xz.aliyun.com/t/4862

[Opinion]  Thoughts on Programming Education

https://www.cnblogs.com/xsserhaha/p/10685322.html

[Programming]  How to Build Your Own PoC Framework: Pocsuite3, Usage Guide

https://paper.seebug.org/904/

[Malware Analysis]  DNS based threat hunting and DoH (DNS over HTTPS)

https://blog.redteam.pl/2019/04/dns-based-threat-hunting-and-doh.html?m=1

[Programming]  A Step-by-Step Guide to Writing Web Crawlers

https://github.com/locoz666/spider-article

[Web Security]  Mutation XSS in Google Search

https://xz.aliyun.com/t/4865

[Vulnerability Analysis]  How Were the AWS Credentials of India's Largest Stock Brokerage Obtained?

https://nosec.org/home/detail/2521.html

[Papers]  A Brief Discussion of Paper Writing

https://mp.weixin.qq.com/s/6vLwQ7PMwn0X2zzJlnhjaA

[Vulnerability Analysis]  Privilege Escalation via Foxit Reader's PDF Printer

https://www.4hou.com/vulnerable/17538.html

[Operations Security]  ZTO Tong'an Vulnerability Management System

https://mp.weixin.qq.com/s/kWK9PL_C2IW_T9i_A1Mlsw

[Web Security]  Dirmap: An Advanced Web Directory and File Scanning Tool

https://www.freebuf.com/sectool/200890.html

[Data Mining]  12 Valuable Pieces of Advice for Machine Learning Practitioners

https://www.infoq.cn/article/NLTXhVkMTSlsGK_dkXgh

[Papers]  A Summary of Common Mistakes in a Graduate Student's First Academic Paper

https://mp.weixin.qq.com/s/4ue0JlvJNbSTjzUM9NDejA

[Mobile Security]  Smart Camera Security Risk Analysis and Countermeasures Research

https://www.kiwisec.com/news/detail/5cc14cd4c649181e28b81f8f.html

[Other]  Step by Step: Bypassing Firewalls in a Windows Domain to Obtain Sensitive Payment Card Data

https://nosec.org/home/detail/2523.html

[Vulnerability Analysis]  Key Points on DNS: What You Must Know When Analyzing ISC BIND

https://www.freebuf.com/vuls/200828.html

[Video]  From Algorithm to Engineering: Understanding Euler, Alibaba's Large-Scale Graph Representation Learning Framework

https://v.qq.com/x/page/y08637p8dqu.html?from=timeline

[Vulnerability Analysis]  A Brief Analysis, with Examples, of the Process and Difficulties of Writing a Packer

https://www.anquanke.com/post/id/176980

[Web Security]  Three Ways to Exploit CORS Misconfigurations

https://www.freebuf.com/articles/web/200350.html

[Data Mining]  From DCGAN to SELF-MOD: An Overview of GAN Architecture Development

https://kexue.fm/archives/6549

[Forensics]  ct-exposer: discovers sub-domains by searching Certificate Transparency logs

https://github.com/chris408/ct-exposer

[Malware Analysis]  threat-actor-ta505-targets-financial-enterprises

https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware

[Other]  Seven Steps to Improve the Security of Business Integration in the Cloud

https://www.infoq.cn/article/psah2GOSvCxK1gP1h-93

[Forensics]  How to start learning Digital Forensics

https://medium.com/@a.alwashli/how-to-start-learning-digital-forensics-8038bcc9af6a

[Malware Analysis]  carbanak-week-part-three-behind-the-backdoor

https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-three-behind-the-backdoor.html

[Malware Analysis]  Operation ShadowHammer: a high-profile supply chain attack

https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/

[Mobile Security]  Mobile Application Security Basics: Bypassing iOS Jailbreak Detection

https://mp.weixin.qq.com/s/DsmgR6BT5UOg9IBa4_-jhg

[Web Security]  cmsprint: A Fingerprint Library for CMSs and Middleware

https://github.com/Lucifer1993/cmsprint

[Web Security]  A Brief Look at RASP Attack and Defense in Practice [Code Implementation]

https://www.03sec.com/3239.shtml

[Web Security]  A Guide to Code Auditing with Gitlab+Jenkins+SonarQube

https://bloodzer0.github.io/ossa/other-security-branch/devsecops/gjs/

[Data Mining]  CyberTwitter: Using Twitter to generate alerts for Cybersecurity Threats and Vul

https://mp.weixin.qq.com/s/YIwLaXNqjvW7fky5nJmiDw

[Malware Analysis]  Analysis of an IRC based Botnet

https://www.stratosphereips.org/blog/2019/4/12/analysis-of-a-irc-based-botnet

[Video]  How to Predict Which Vulnerabilities Will Be Exploited

https://www.usenix.org/conference/enigma2019/presentation/dumitras

[Malware Analysis]  Datacon DNS Attack Traffic Identification: Internal Beta Notes

http://momomoxiaoxi.com/%E6%95%B0%E6%8D%AE%E5%88%86%E6%9E%90/2019/04/24/datacondns1/

[Data Mining]  Common Features and Response Options in Risk-Control Adversarial Scenarios

https://zhuanlan.zhihu.com/p/62525083

[Tools]  Retrieving All DNS Records in a Domain Environment with a Regular-Privilege Domain Account

https://nosec.org/home/detail/2527.html

[Competition]  On the AWD Attack-Defense Competition Process and Preparation Experience

https://www.freebuf.com/articles/network/201222.html

[Web Security]  A Brief Look at RASP Attack and Defense in Practice [Environment Setup]

https://www.03sec.com/3238.shtml

[Data Mining]  The Industry's First Open-Source Video Recognition Toolkit, Based on PaddlePaddle

https://mp.weixin.qq.com/s/f5n9HC6jIfWcTWNxqmyvQw

[Data Mining]  What Is Semantic Role Labeling

https://mp.weixin.qq.com/s/PVzVNI7jMzHPcUbL7UaCIQ

-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news and analysis for 8 years!
SecWiki: https://www.sec-wiki.com

Source: freebuf.com 2019-04-29 22:40:32 by: SecWiki