SecWiki Weekly (Issue 324) – Author: SecWiki

Security News

[Web Security]  Notice of the 17th National College Student Information Security and Countermeasure Technology Competition, 2020 (ISCC2020)

https://www.secpulse.com/archives/129104.html

Security Technology

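[Operations Security]  A Panorama of the Annual Large-Scale Attack-and-Defense Exercise: Red/Blue In-Depth Reflections and Multi-Party Joint Simulation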

https://mp.weixin.qq.com/s/GVIUbtMTynfF5ALDbhXirg

[Web Security]  $20000 Facebook DOM XSS

https://vinothkumar.me/20000-facebook-dom-xss/

[Forensic Analysis]  Notes from Using the HFish Honeypot

https://www.freebuf.com/vuls/220646.html

[Vulnerability Analysis]  6,000+ HackerOne Disclosed Reports

http://sec.eddyproject.com/6000-hackerone-disclosed-reports/

[Vulnerability Analysis]  Double-Free BUG in WhatsApp exploit poc.[CVE-2020-11932]

https://github.com/ProjectorBUg/CVE-2020-11932

[Web Security]  Building a Scanner to Find Reflected XSS (Part 1)

https://mp.weixin.qq.com/s/T2ULAKKGmRup6FFM8-vgSg

[Documents]  2020 Enterprise-Grade Blockchain Security White Paper

http://blog.nsfocus.net/wp-content/uploads/2020/05/Enterprise-Grade-Blockchain-Whitepaper-.pdf

[Magazine]  SecWiki Weekly (Issue 323)

https://www.sec-wiki.com/weekly/323

[Web Security]  Don’t Force Yourself to Become a Bug Bounty Hunter

https://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunter/

[Papers]  Building a Security Intelligence Fusion Framework in a Big Data Environment

https://mp.weixin.qq.com/s/bjqv8zlSEl7waKHxBNIwyA

[Vulnerability Analysis]  From a naive-looking PDF Download to SSRF via HTML Injection in AWS

https://blog.appsecco.com/server-side-request-forgery-via-html-injection-in-pdf-download-90ee4053e911

[Vulnerability Analysis]  Hyper-V internals researches (2006-2019)

https://github.com/gerhart01/Hyper-V-Internals/blob/master/HyperResearchesHistory.md

[Web Security]  A First Look at ZTO's RASP Security Protection Solution

https://mp.weixin.qq.com/s/33CtW9ErXCDWoCJRFzlVPQ

[Data Mining]  Reviving Navex: Code Analysis Using Graph Queries

https://uuuunotfound.github.io/2020/05/03/%E5%A4%8D%E6%B4%BBNavex-%E4%BD%BF%E7%94%A8%E5%9B%BE%E6%9F%A5%E8%AF%A2%E8%BF%9B%E8%A1%8C%E4%BB%A3%E7%A0%81%E5%88%86%E6%9E%90/

[Other]  Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps

https://securitygossip.com/blog/2020/04/14/automatic-uncovering-of-hidden-behaviors-from-input-validation-in-mobile-apps/

[Forensic Analysis]  The Return of Security Intelligence, as Seen Through STIX2.1

https://mp.weixin.qq.com/s/nYV3S2oYNNnKcpvNAG751w

[Tools]  Hijacking Library Functions and Injecting Code Using the Dynamic Linker

https://sumit-ghosh.com/articles/hijacking-library-functions-code-injection-ld-preload/

[Vulnerability Analysis]  Analyzing Encrypted RDP Connections

https://corelight.blog/2020/05/13/analyzing-encrypted-rdp-connections/

[Web Security]  A Roundup of SSRF Attack Techniques

http://www.codersec.net/2020/05/SSRF%E6%94%BB%E5%87%BB%E5%A7%BF%E5%8A%BF%E6%B1%87%E6%80%BB/

[Malware Analysis]  BackConfig Malware Targeting Government and Military Organizations in South Asia

https://paper.seebug.org/1202/

[Malware Analysis]  Analysis of Using Pupy: Features on the Windows Platform

https://3gstudent.github.io/Pupy%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90-Windows%E5%B9%B3%E5%8F%B0%E4%B8%8B%E7%9A%84%E5%8A%9F%E8%83%BD/

[Web Security]  A Collection of Domain Controller Privilege Escalation Techniques

https://xz.aliyun.com/t/7726

[Web Security]  A Summary of Python Sandbox Escape Techniques

https://www.anquanke.com/post/id/205157

[Vulnerability Analysis]  Learning the WebLogic CVE-2020-2551 Vulnerability from Scratch

https://xz.aliyun.com/t/7725

[Mobile Security]  An Observational Investigation of Reverse Engineers’ Processes

https://securitygossip.com/blog/2020/04/28/an-observational-investigation-of-reverse-engineers-processes/

[Web Security]  IIS Raid: An IIS Backdoor Built with a Native Module

https://www.freebuf.com/sectool/231973.html

[Data Mining]  How to Build an Efficient Rule Engine for Complex Risk-Control Scenarios

https://tech.meituan.com/2020/05/14/meituan-security-zeus.html

[Web Security]  Intranet Penetration: Setting Up a SOCKS Proxy with ew

https://www.freebuf.com/sectool/234254.html

[Malware Analysis]  Research on Fine-Grained Classification of IoT Malware Families Based on Deep Learning

https://mp.weixin.qq.com/s/we1fr4_BKd7n-zVWzSRygg

[Competitions]  Analysis of Two NodeJS Challenges from the Hufu Cup

https://xz.aliyun.com/t/7714

-----WeChat ID: SecWiki-----
SecWiki: focused on security technology news and analysis for 8 years!
SecWiki: https://www.sec-wiki.com

Original address of this issue: SecWiki Weekly (Issue 324)


Source: freebuf.com 2020-05-18 14:35:47 by: SecWiki
