安全技术
[漏洞分析] 循序渐进分析CVE-2020-1066
https://mp.weixin.qq.com/s/TU5Obmd76QdhfQ-40UxUBQ
[Web安全] python cms审计记录
https://github.com/MisakiKata/python_code_audit/blob/master/%E5%AE%9E%E6%88%98%E6%93%8D%E4%BD%9C.md
[其它] Java 安全-RMI-学习总结
https://paper.seebug.org/1251/
[运维安全] 攻防演习-红军的反击
https://mp.weixin.qq.com/s/WrQa0XoBSak3HM1l650HEg
[工具] WMI攻击与安全防御
https://mp.weixin.qq.com/s/wA7SXfVM3jYsH1VhZqANrA
[Web安全] sqlmap绕过csrf检测进行注入
[编程技术] 安全框架之综述
https://mp.weixin.qq.com/s/4jec18NXjV6UwubzrYgwzg
[运维安全] hihttps: 一款完整源码的高性能Web应用防火墙
https://github.com/qq4108863/hihttps
[恶意分析] 代码克隆检测技术
https://www.zuozuovera.com/archives/1668/
[杂志] SecWiki周刊(第329期)
https://www.sec-wiki.com/weekly/329
[漏洞分析] 基于异常的猎杀行动——自保护触发自杀
https://www.anquanke.com/post/id/209035
[Web安全] 自动化测试工具APPium初探
https://mp.weixin.qq.com/s/wwlqd_kO7vfpP6vTPrW_6Q
[Web安全] 从0到1学会搭建小型企业拓扑到由外向内的渗透测试
https://www.anquanke.com/post/id/208992
[恶意分析] Powershell免杀的探索
[其它] Active Directory Exploitation Cheat Sheet
https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
[Web安全] FOFA搜索结果提取技术分析
https://www.freebuf.com/sectool/238018.html
[Web安全] Java代码审计之Struts2-001
[漏洞分析] MLDetectVuln: AI算法解决大规模二进制程序函数相似性分析
https://github.com/Anemone95/MLDetectVuln
[Web安全] Linux Pam后门总结拓展
[恶意分析] Rovnix Bootkit 恶意软件相关活动分析
https://paper.seebug.org/1253/
[数据挖掘] 知识图谱之知识表示篇(一)
https://zhuanlan.zhihu.com/p/148785892
[漏洞分析] 解释器类型的Pwn题目总结
https://www.anquanke.com/post/id/208940
[Web安全] Tomcat基于Servlet的无文件webshell的相关技术研究
https://mp.weixin.qq.com/s/gYGrdDtIldzrE7NHSxTDYQ
[取证分析] 手工打造基于ATT&CK矩阵的EDR系统
https://www.freebuf.com/articles/system/239107.html
[恶意分析] Zloader的DGA算法解析
https://www.freebuf.com/articles/others-articles/238700.html
[视频] DIMVA 2020 视频列表
https://www.*******.com/watch?v=8MM0qif7Qjw&list=PLm_RjVa4jQG9hGaSZQcsWgFO87CA_iTzq
[漏洞分析] 图解利用虚函数过GS保护
https://www.freebuf.com/vuls/238736.html
[数据挖掘] 标签传播算法解读
https://mp.weixin.qq.com/s/dX6CouK7LGNbXsRxRnS26w
[设备安全] 设备固件提取小结
https://www.freebuf.com/articles/terminal/229567.html
[Web安全] PWDB – New generation of Password Mass-Analysis
https://github.com/FlameOfIgnis/Pwdb-Public
[恶意分析] APT的思考: PowerShell命令混淆高级对抗
https://mp.weixin.qq.com/s/Sg0LK8emSWP1m-yds4VGrQ
[Web安全] Java Deserialization Exploitation With Customized Ysoserial Payloads
https://rhinosecuritylabs.com/research/java-deserializationusing-ysoserial/
[运维安全] Recovering Credentials from a Process inside a Docker Container using Docker Checkpoint
[其它] SPIDER: Enabling Fast Patch Propagation in Related Software Repositories
[Web安全] Using SQL Injection to perform SSRF/XSPA attacks
https://ibreak.software/2020/06/using-sql-injection-to-perform-ssrf-xspa-attacks/
[取证分析] Mining DNS MX Records for Fun and Profit
https://medium.com/@jason_trost/mining-dns-mx-records-for-fun-and-profit-7a069da9ee2d
-----微信ID:SecWiki----- SecWiki,8年来一直专注安全技术资讯分析! SecWiki:https://www.sec-wiki.com
本期原文地址: SecWiki周刊(第330期)
来源:freebuf.com 2020-06-29 09:10:54 by: SecWiki
请登录后发表评论
注册