SecWiki周刊(第319期) – 作者:SecWiki

安全技术

[比赛]  记一次360众测仿真实战靶场考核WP

https://xz.aliyun.com/t/7547

[Web安全]  对某大型企业的一次web漏洞挖掘过程

https://mp.weixin.qq.com/s/GuJgbLfJobTcJ2FMii3IzA

[Web安全]  从0到1认识DNS重绑定攻击

https://xz.aliyun.com/t/7495

[恶意分析]  常见的web容器后门笔记

https://mp.weixin.qq.com/s/-cmM1k3–H6p1ditfQHPEw

[运维安全]  记一次编写安全资产管理平台

https://www.freebuf.com/sectool/231097.html

[Web安全]  六种bypass安全软件防护执行的方式

https://mp.weixin.qq.com/s/sfxJbyJMB6FyGfa6H0G3hA

[运维安全]  大型互联网应用安全SDL体系建设实践

https://mp.weixin.qq.com/s/STBzFf-NtfbDEA5s9RBdaw

[恶意分析]  QQ二维码登陆机制分析+双重SSRF钓鱼利用

https://www.freebuf.com/vuls/229694.html

[漏洞分析]  工具推荐系列 – sigcheck文件签名检测

https://mp.weixin.qq.com/s/4oFtOAT-mRYrOuxBIe4XLA

[Web安全]  awesome-web-security: List of Web Security materials and resources

https://github.com/qazbnm456/awesome-web-security

[Web安全]  针对某国际信息通信公司从前期探测到内网提权的一次成功漏洞测试

https://www.freebuf.com/vuls/230441.html

[恶意分析]  工具推荐系列 – PESecurity编译选项安全检测

https://mp.weixin.qq.com/s/9feawxqHRQHUazF-oX6VOQ

[运维安全]  Shadowsocks—基于二次混淆加密传输的数据保密性原理分析

https://mp.weixin.qq.com/s/OPpAjg8GazuicnjmME3P6A

[编程技术]  Badusb 攻击之MacOSX系统实战

https://bacde.me/post/Badusb-Attack-On-Mac-OSX/

[运维安全]  Wazuh:如何对异构数据进行关联告警

https://www.freebuf.com/sectool/230505.html

[漏洞分析]  Fuzzowski:一款功能强大的网络协议模糊测试工具

https://www.freebuf.com/sectool/227869.html

[编程技术]  浅析HTTP走私攻击

https://mp.weixin.qq.com/s/IMZrvJGQjcLBZS74kMWRnA

[取证分析]  ATT&CK矩阵Linux系统安全实践

https://www.freebuf.com/articles/es/231784.html

[漏洞分析]  Attacks Simultaneously Exploiting Vulnerability in IE and Firefox

https://blogs.jpcert.or.jp/en/2020/04/ie-firefox-0day.html

[运维安全]  零信任架构实战系列:干掉密码,无密码化方案落地

https://mp.weixin.qq.com/s/xs-xybNs6Ha6_-Qr_EE-qw

[恶意分析]  “震网”三代和二代漏洞技术分析报告

https://mp.weixin.qq.com/s/qc25c_nuUax6UoknAVLrAw

[杂志]  SecWiki周刊(第318期)

https://www.sec-wiki.com/weekly/318

[论文]  安全漏洞报告的差异性测量

https://mp.weixin.qq.com/s/h6xLJyqybGASORugqsvmgg

[漏洞分析]  Exploiting CVE-2020-0041 – Part 1: Escaping the Chrome Sandbox

https://labs.bluefrostsecurity.de/blog/2020/03/31/cve-2020-0041-part-1-sandbox-escape/

[其它]  一文掌握CTF中Python全部考点

https://mp.weixin.qq.com/s/Lj4nCz0hag-AKQF_s79fQw

[漏洞分析]  Exploiting CVE-2020-0041 – Part 2: Escalating to root

https://labs.bluefrostsecurity.de/blog/2020/04/08/cve-2020-0041-part-2-escalating-to-root/

[Web安全]  内网渗透-windows持久性后门

https://mp.weixin.qq.com/s/iFzYsWiWneAE_zGGZo7Miw

[恶意分析]  DDG的新征程——自研P2P协议构建混合P2P网络

https://blog.netlab.360.com/ddg-upgrade-to-new-p2p-hybrid-model/

[Web安全]  内网渗透-域环境权限维持

https://mp.weixin.qq.com/s/sSx9ugLPAdfg1G6_AZ0l5w

[恶意分析]  Donot team 组织(APT-C-35)移动端攻击活动分析​

https://mp.weixin.qq.com/s/3j5yh8R1D8r9AxKV2qSMKA

[书籍]  Interpretable Machine Learning: A Guide for Making Black Box Models Explainable

https://christophm.github.io/interpretable-ml-book/

[恶意分析]  工具推荐系列 – Genymotion模拟器ARM转换

https://mp.weixin.qq.com/s/9F2mEKSMIb7X3Jnj0g9kJA

[Web安全]  领略cdn绕过的魅力

https://mp.weixin.qq.com/s/7wpQXujqKk03GghPbmiwMw

[恶意分析]  CATBERT — Detecting malicious emails with a bleeding-edge neural language model

https://medium.com/@sophos.ai/detecting-malicious-emails-with-a-bleeding-edge-neural-language-model-355b366d8940

[运维安全]  恶意代码分析静态分析

https://mp.weixin.qq.com/s/uVcnAPgTlnB3rIfacgi-9g

[漏洞分析]  关于Adobe PDF 0day的故事

https://mp.weixin.qq.com/s/fx8MQ8ZMhZHwrruigLFbGA

[Web安全]  合约小白初试薅羊毛

https://mp.weixin.qq.com/s/mRthg2LHNu8ATsoDNAXyVw

[漏洞分析]  TianFu Cup 2019: Adobe Reader Exploitation

https://starlabs.sg/blog/2020/04/tianfu-cup-2019-adobe-reader-exploitation/

[恶意分析]  2019年度IoT高级威胁研究笔记分享

https://docs.google.com/spreadsheets/d/1UMBFtWxfc40TAF4AIXkPZYBD8uBE6xP2HVs9dRHlTF8/edit#gid=0

[设备安全]  路由器固件编译入门

https://mp.weixin.qq.com/s/n4831yUtgN3_KKBtwM966w

[Web安全]  Bug bounty cheatsheet(Google Doc)

https://docs.google.com/document/d/1MmnlU-L5q9R55Faq9Arvqe8PPYaPAgr7n-1HL3tbBjo/edit

[移动安全]  iOS exploit chain deploys “LightSpy” feature-rich malware

https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/

[Web安全]  智能合约代码层漏洞小记

https://mp.weixin.qq.com/s/6fHu5MQnIT0MyeRfdLG3PQ

[Web安全]  Midnight Sun CTF 2020 WriteUp

https://mp.weixin.qq.com/s/KF0vLJdRAzcgqMaI1izwUA

-----微信ID:SecWiki-----
SecWiki,8年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第319期)

footer.png

来源:freebuf.com 2020-04-13 20:47:16 by: SecWiki

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享
评论 抢沙发

请登录后发表评论