安全资讯
[观点] 美国国防高级研究计划局未来网络安全研发趋势分析
https://mp.weixin.qq.com/s/gWrMODC3Rkznk-swglI0Qw
安全技术
[恶意分析] 闲谈Webshell实战应用
https://www.anquanke.com/post/id/206664
[Web安全] 一次曲折的渗透测试之旅
https://mp.weixin.qq.com/s/4bFC1GdiRZe9ygazXb1pnA
[Web安全] weblogic t3协议回显穿透nat以及获取内网地址
https://mp.weixin.qq.com/s/cwkZXWCOKYpLDK9o_J_G1w
[取证分析] 基于机器学习的GitHub敏感信息泄露监控
https://www.anquanke.com/post/id/205969
[漏洞分析] Fuzzing战争: 从刀剑弓斧到星球大战
https://mp.weixin.qq.com/s/nREiT1Uj25igCMWu1kta9g
[Web安全] sqlmap关于MSSQL执行命令研究
https://mp.weixin.qq.com/s/U1MaRyNJjiX4yxZt1TW4TA
[取证分析] 由喝啤酒引发的军事情报人员信息泄露
https://mp.weixin.qq.com/s/sJyTd50SukIFuVjPSTrFDQ
[漏洞分析] “网鼎杯”朱雀之战——魔法房间题解
https://mp.weixin.qq.com/s/4vgBmesl2KICNSoDEep_5Q
[工具] DNSLOG平台搭建从0到1
https://mp.weixin.qq.com/s/NL6sHFhOgumQh7oFZNLgYQ
[其它] 微信小程序的渗透五脉
https://www.hackinn.com/index.php/archives/672/
[恶意分析] 使用 ZoomEye 寻找 APT 攻击的蛛丝马迹
https://paper.seebug.org/1219/
[Web安全] testing_wave: 被动式web扫描器
https://github.com/guimaizi/testing_wave
[会议] DIMVA 2020 论文录用列表
https://mp.weixin.qq.com/s/vdzrImsGD7dnPs0HZNr_SQ
[Web安全] Moodle DOM Stored XSS to RCE
https://cube01.io/blog/Moodle-DOM-Stored-XSS-to-RCE.html
[文档] 基于深度学习的恶意流量检测
https://drive.google.com/file/d/14ZeveFdsWkxEA9vAiUSmpPygpcisRGMC/view
[文档] IPv6 地址发现
https://drive.google.com/file/d/1g4LG-vyOL92kNiUmweA-IuuSRP4wvvIj/view
[恶意分析] APT的思考: CMD命令混淆高级对抗
https://mp.weixin.qq.com/s/hJ6gn9EMKNmMOofEg3i6Iw
[Web安全] 浅析域渗透中的组策略利用
[Web安全] OXID eShop 6.x below 6.3.4 SQL Injection (SQLi) to RCE Vulnerability Exploit
https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/
[论文] 沈向洋:读论文的三个层次
https://weibo.com/ttarticle/p/show?id=2309404509982170152995
[Web安全] Apache CommonCollection Gadget几种特殊的玩法
https://mp.weixin.qq.com/s/xwEOpEkPurwP119tonUzVQ
[恶意分析] 基于域名图谱嵌入的恶意域名挖掘
https://mp.weixin.qq.com/s/LeK6QYHwd3k3UlyAuSkcZA
[运维安全] 零信任解决方案白皮书
https://mp.weixin.qq.com/s/ZkuR5bDGYpXySUcuROcb7Q
[漏洞分析] Thinkphp5代码执行学习
[设备安全] S7CommPlus协议研究
https://www.anquanke.com/post/id/206579
[Web安全] codeql学习——污点分析
[恶意分析] 从DNS角度看NTP pool服务器的使用
https://blog.netlab.360.com/look-at-ntp-pool-using-dns-data/
[漏洞分析] Magic [probably] behind Hex-Rays
https://engineering.avast.io/magic-probably-behind-hex-rays/
[运维安全] 全链路自动化监控平台的探索与实践
https://mp.weixin.qq.com/s/j44LMlItuTodfJvL_YGTUA
[设备安全] 加密固件分析实战
https://www.freebuf.com/articles/terminal/234978.html
[杂志] SecWiki周刊(第325期)
https://www.sec-wiki.com/weekly/325
[数据挖掘] 全面了解风控数据体系
https://mp.weixin.qq.com/s/PCRzPGGBXG7cJAInylkCRg
[工具] Look for traces of APT attacks through the ZoomEye history api
https://paper.seebug.org/1220/
[恶意分析] From Agent.BTZ to ComRAT v4: A ten‑year journey
https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/
-----微信ID:SecWiki----- SecWiki,8年来一直专注安全技术资讯分析! SecWiki:https://www.sec-wiki.com
本期原文地址: SecWiki周刊(第326期)
来源:freebuf.com 2020-06-01 22:49:30 by: SecWiki
请登录后发表评论
注册