安全资讯
[Web安全] 2020年第17届全国大学生信息安全与对抗技术竞赛通知(ISCC2020)
https://www.secpulse.com/archives/129104.html
安全技术
[运维安全] 年度大型攻防实战全景:红蓝深度思考及多方联合推演
https://mp.weixin.qq.com/s/GVIUbtMTynfF5ALDbhXirg
[Web安全] $20000 Facebook DOM XSS
https://vinothkumar.me/20000-facebook-dom-xss/
[取证分析] HFish蜜罐使用心得
https://www.freebuf.com/vuls/220646.html
[漏洞分析] 6,000+ HackerOne Disclosed Reports
http://sec.eddyproject.com/6000-hackerone-disclosed-reports/
[漏洞分析] Double-Free BUG in WhatsApp exploit poc.[CVE-2020-11932]
https://github.com/ProjectorBUg/CVE-2020-11932
[Web安全] 开发扫描器挖掘反射型XSS (一)
https://mp.weixin.qq.com/s/T2ULAKKGmRup6FFM8-vgSg
[文档] 2020 企业级区块链安全白皮书
http://blog.nsfocus.net/wp-content/uploads/2020/05/Enterprise-Grade-Blockchain-Whitepaper-.pdf
[杂志] SecWiki周刊(第323期)
https://www.sec-wiki.com/weekly/323
[Web安全] Don’t Force Yourself to Become a Bug Bounty Hunter
https://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunter/
[论文] 大数据环境下安全情报融合体系构建
https://mp.weixin.qq.com/s/bjqv8zlSEl7waKHxBNIwyA
[漏洞分析] From a naive-looking PDF Download to SSRF via HTML Injection in AWS
[漏洞分析] Hyper-V internals researches (2006-2019)
https://github.com/gerhart01/Hyper-V-Internals/blob/master/HyperResearchesHistory.md
[Web安全] 中通RASP安全防护方案初探
https://mp.weixin.qq.com/s/33CtW9ErXCDWoCJRFzlVPQ
[数据挖掘] 复活Navex-使用图查询进行代码分析
[其它] Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps
[取证分析] 从STIX2.1看安全智能归来
https://mp.weixin.qq.com/s/nYV3S2oYNNnKcpvNAG751w
[工具] Hijacking Library Functions and Injecting Code Using the Dynamic Linker
https://sumit-ghosh.com/articles/hijacking-library-functions-code-injection-ld-preload/
[漏洞分析] Analyzing Encrypted RDP Connections
https://corelight.blog/2020/05/13/analyzing-encrypted-rdp-connections/
[Web安全] SSRF攻击姿势汇总
http://www.codersec.net/2020/05/SSRF%E6%94%BB%E5%87%BB%E5%A7%BF%E5%8A%BF%E6%B1%87%E6%80%BB/
[恶意分析] 针对南亚政府和军事组织的 BackConfig 恶意软件
https://paper.seebug.org/1202/
[恶意分析] Pupy利用分析—Windows平台下的功能
[Web安全] 域控提权合集
[Web安全] Python沙箱逃逸姿势总结
https://www.anquanke.com/post/id/205157
[漏洞分析] 从0学习WebLogic CVE-2020-2551漏洞
[移动安全] An Observational Investigation of Reverse Engineers’ Processes
[Web安全] IIS Raid:使用本地模块构建的IIS后门
https://www.freebuf.com/sectool/231973.html
[数据挖掘] 复杂风控场景下,如何打造一款高效的规则引擎
https://tech.meituan.com/2020/05/14/meituan-security-zeus.html
[Web安全] 内网渗透:使用ew实现socks代理
https://www.freebuf.com/sectool/234254.html
[恶意分析] 基于深度学习的物联网恶意软件家族细粒度分类研究
https://mp.weixin.qq.com/s/we1fr4_BKd7n-zVWzSRygg
[比赛] 虎符杯两道NodeJS题目的分析
-----微信ID:SecWiki----- SecWiki,8年来一直专注安全技术资讯分析! SecWiki:https://www.sec-wiki.com
本期原文地址: SecWiki周刊(第324期)
来源:freebuf.com 2020-05-18 14:35:47 by: SecWiki
请登录后发表评论
注册