SecWiki周刊(第316期) – 作者:SecWiki

安全技术

[Web安全]  XSS入门到进阶(附Fuzzing+BypassWAF+Payloads)

https://mp.weixin.qq.com/s/EOPCstDYmFVtaLYNcUQLzA

[Web安全]  讨论网络安全测试工具的发展

https://mp.weixin.qq.com/s/hW0A1jwq-pm4M-4LGUZIrA

[工具]  SMBGhost 蓝屏代码(已测可用)

https://bacde.me/post/smbghost-crash-poc/

[工具]  AWVS 13 Docker版本(破解后)

https://bacde.me/post/awvs-13-docker-cracked/

[Web安全]  OSCP经验

https://xiaix.me/oscpjing-yan/

[设备安全]  后门技巧之使用网站关键字进行反连

https://mp.weixin.qq.com/s/ZPBRs-bYHTzkfDpQMOYXng

[Web安全]  Cobalt Strike折腾踩坑填坑记录

https://xz.aliyun.com/t/7375

[Web安全]  Linux下利用SUID提权

https://mp.weixin.qq.com/s/UfPLm53gAlc_z28kH4OYHQ

[漏洞分析]  漫谈WebLogic CVE-2020-2551

https://www.anquanke.com/post/id/201005

[运维安全]  asset-scan: 甲方企业的外网资产周期性扫描监控系统

https://github.com/ATpiu/asset-scan

[Web安全]  日志分析系列(三):分析实战篇

https://mp.weixin.qq.com/s/h2pHi3PVn_92aEIOvB1Yjg

[数据挖掘]  浅谈DDoS攻防对抗中的AI实践

https://mp.weixin.qq.com/s/5v38BBewMVXZbbN2oMYg0A

[运维安全]  OpenResty 最佳实践

https://github.com/moonbingbing/openresty-best-practices

[Web安全]  基于tomcat的内存 Webshell 无文件攻击技术

https://xz.aliyun.com/t/7388

[Web安全]  文件包含 or 代码执行

https://mp.weixin.qq.com/s/IkK2Gn_7ghlxMvksZB2HcA

[其它]  DCSA船舶网络安全实施指南

https://dcsa.org/wp-content/uploads/2020/03/DCSA-Implementation-Guideline-for-BIMCO-Compliant-Cyber-Security-on-Vessels-v1.0.pdf

[Web安全]  windows hash 抓取总结

https://mp.weixin.qq.com/s/jaJi2hXoKKrDbEm1kcY16g

[论文]  Euro S&P 2020 论文录用列表

https://mp.weixin.qq.com/s/tIUS121s3JPOg7yC0j2rNQ

[其它]  国内在线水利水文系统安全威胁分析报告

https://blog.zhifeng.io/security-threat-analysis-report-of-water-conservancy-system/

[Web安全]  开发简单的PHP混淆器与解混淆器

https://blog.zsxsoft.com/post/42

[其它]  BigIP Cookie 解码获取真实IP

https://bacde.me/post/bigip-cookie-decode-get-real-ip/

[观点]  SDL已死,应用安全路在何方?

https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw

[其它]  带你入坑CTF-MISC(编码篇)

https://mp.weixin.qq.com/s/PdMuaK2yVhP4VxTpcjR37g

[设备安全]  大工PLC-远程启停攻击实验

https://mp.weixin.qq.com/s/k9tSpQaaeJ7QKSa9cb_bWg

[设备安全]  路由器固件后门添加

https://mp.weixin.qq.com/s/7tPFO-sqgah_4fbL9t1e5Q

[Web安全]  巧用匿名函数绕过D盾

https://www.freebuf.com/articles/web/229649.html

[移动安全]  细品新政策法规下的APP个人信息收集检测

https://mp.weixin.qq.com/s/BF6vNewF3JK-EHr7KWT8HA

[数据挖掘]  Boss of the SOC v3 Dataset Released

https://www.splunk.com/en_us/blog/security/botsv3-dataset-released.html

[恶意分析]  威胁狩猎101文档

https://mp.weixin.qq.com/s/0hOtnTz9QrKlLivAobjU7Q

[恶意分析]  自动化恶意域名检测揭秘

https://mp.weixin.qq.com/s/QV8ErKHow3b-AMp6HMzKQg

[杂志]  SecWiki周刊(第315期)

https://www.sec-wiki.com/weekly/315

[漏洞分析]  Bug Bounty:绕过Google域检测

https://xz.aliyun.com/t/7384

[Web安全]  Bypassing Crowdstrike Falcon 1:大力出奇迹

https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ

[Web安全]  内网渗透-net-NTLM hash的攻击

https://www.anquanke.com/post/id/200649

[漏洞分析]  LILIN DVR 在野0-day 漏洞分析报告

https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/

[论文]  如何以初学者角度写好一篇国际学术论文

https://mp.weixin.qq.com/s/zwTlXBrZiC88y9F5DDU0_g

[取证分析]  Real-time file monitoring on Windows with osquery

https://blog.trailofbits.com/2020/03/16/real-time-file-monitoring-on-windows-with-osquery/

[无线安全]  蓝牙安全之Class of device

https://mp.weixin.qq.com/s/TIYvcThrfO**0rqcy-VGCg

[Web安全]  加载远程XSL文件的宏免杀方法

https://mp.weixin.qq.com/s/EOPCstDYmFVtaLYNcUQLzA

[编程技术]  bashtricks :无空格执行命令

https://bacde.me/post/bashtricks-execute-commands-without-space/

[漏洞分析]  基于AppleScript的利用技术

http://noahblog.360.cn/applescript_attack/

[移动安全]  追踪与新冠状病毒相关的安卓恶意软件

https://mp.weixin.qq.com/s/fLDNLJIWwvrUUwt6Pi6T4A

-----微信ID:SecWiki-----
SecWiki,8年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第316期)

footer.png

来源:freebuf.com 2020-03-23 17:07:36 by: SecWiki

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享
评论 抢沙发

请登录后发表评论