SecWiki周刊(第306期) – 作者:SecWiki

安全资讯

[法规]  网络信息内容生态治理规定

http://www.cac.gov.cn/2019-12/20/c_1578375159509309.htm

[新闻]  DARPA发布战略框架文件《保障国家安全的突破性技术和新能力》

https://mp.weixin.qq.com/s/D23I3qEpMs8eOFKy8w2RJg

安全技术

[Web安全]  渗透基础——活动目录信息的获取

https://3gstudent.github.io/%E6%B8%97%E9%80%8F%E5%9F%BA%E7%A1%80-%E6%B4%BB%E5%8A%A8%E7%9B%AE%E5%BD%95%E4%BF%A1%E6%81%AF%E7%9A%84%E8%8E%B7%E5%8F%96/

[Web安全]  日志分析系列(二):平台实现篇

https://mp.weixin.qq.com/s/uc-fHmIseYuxrRSkCxYeaQ

[其它]  商业网络培训靶场的发展态势综述

https://mp.weixin.qq.com/s/Cjd7CCR0kZESP2GHX1oOvQ

[杂志]  SecWiki周刊(第305期)

https://www.sec-wiki.com/weekly/305

[编程技术]  闯荡Linux帝国:nginx的创业故事

https://mp.weixin.qq.com/s/brUQ8m3oAxYaJeSNa4qAFQ

[漏洞分析]  ThinkPHP v5.0.x 反序列化利用链挖掘

https://www.anquanke.com/post/id/196364

[文档]  电信网络诈骗治理与人工智 能应用白皮书(2019 年)

http://pg.jrj.com.cn/acc/Res/CN_RES/INDUS/2019/12/31/934f8942-0608-400b-abe2-71dd4549c385.pdf

[数据挖掘]  大数据安全分析平台搭建&相关经验分享

https://mp.weixin.qq.com/s/hvLN83rPiNLw6cmrYDRPpA

[移动安全]  2019年移动安全总结

https://mp.weixin.qq.com/s/p41sAdGJzHx-CuulwycMJw

[Web安全]  深入研究Pass-the-Hash攻击与防御

https://xz.aliyun.com/t/7051

[恶意分析]  谈谈情报引领的安全体系建设落地

https://mp.weixin.qq.com/s/uLP2DzH5W2PcLCKZl7Cpsw

[Web安全]  安全开源项目之分布式被动安全扫描

https://mp.weixin.qq.com/s/VwhALBXqIPOh87Ll3ISVHQ

[数据挖掘]  IPv6地址扫描方法研究综述

https://mp.weixin.qq.com/s/N87PZ783qY1JBe5Xm_tDsg

[Web安全]  SSH加密隧道之端口转发

https://payloads.cn/2020/0109/ssh-encrypted-tunnel-port-forwarding.html

[Web安全]  Java动态类加载,当FastJson遇上内网

https://mp.weixin.qq.com/s/ou3L-IU1CNr9EGkpjH2u0w

[取证分析]  Honware: A Virtual Honeypot Framework for Capturing CPE and IoT Zero Days

https://www.lightbluetouchpaper.org/2020/01/04/honware-a-virtual-honeypot-framework-for-capturing-cpe-and-iot-zero-days/

[比赛]  Hacker101 CTF Encrypted Pastebin write-up

https://xz.aliyun.com/t/7054

[编程技术]  内核地址空间大冒险:系统调用

https://mp.weixin.qq.com/s/esc9gWg42vyPkT58HCKNgg

[恶意分析]  恶意域名检测中的流量特征分析

https://mp.weixin.qq.com/s/rvPo_ufBwvdAUoVIv__xCg

[取证分析]  基于ATT&CK+SOAR的运营实践

https://mp.weixin.qq.com/s/Z1sAbpSYZXYBO5qpgvjXlQ

[Web安全]  Empire的进攻性研究

https://xz.aliyun.com/t/7071

[恶意分析]  2019僵尸网络DDoS攻击监测总结

https://mp.weixin.qq.com/s/FGt-y3KxGPRP-FT2ubDOZA

[Web安全]  Blind SQL Injection without an “in”

https://medium.com/@terjanq/blind-sql-injection-without-an-in-1e14ba1d4952

[论文]  OpenKG论文浅尝2019年论文汇编(20+篇知识图谱相关论文笔记)

http://openkg.cn/dataset/2a29c161-0ac0-409b-bfd5-0fead34e3e61

[漏洞分析]  针对物联网设备的模糊测试概述

https://mp.weixin.qq.com/s/pbOOkxrV0HJFzQicJ0m6Cg

[漏洞分析]  基于AFL的Java程序Fuzz工具:Kelinci

https://www.freebuf.com/sectool/224294.html

[数据挖掘]  我眼中的数据安全治理

https://www.freebuf.com/articles/database/224617.html

[漏洞分析]  Fortinet FortiSIEM Hardcoded SSH Key

https://seclists.org/fulldisclosure/2020/Jan/10

[其它]  聊聊区块链中的几个技术点

https://paper.seebug.org/1110/

[设备安全]  物联网安全系列之远程破解Google Home

https://mp.weixin.qq.com/s/4kO3pU_tCDZmgj2CkROzMg

[数据挖掘]  2019年NLP领域总结回顾

https://mp.weixin.qq.com/s/7ROSm_wQNMAKLWUR0djVLQ

[漏洞分析]  pwn的艺术浅谈(一):linux栈溢出

https://www.anquanke.com/post/id/196954

[论文]  网络空间安全国际学术成果分享(上)

https://www.inforsec.org/wp/?p=3810

[运维安全]  ATT&CK for ICS

https://medium.com/mitre-attack/launching-attack-for-ics-2be4d2fb9b8

[恶意分析]  机器学习与恶意代码检测

https://www.freebuf.com/articles/others-articles/224051.html

[漏洞分析]  CVE-2017-11882理论以及实战样本分析

https://mp.weixin.qq.com/s/d3owzqQFhHNVoPFIyxWZsQ

[运维安全]  Hunter 中通DevSecOps闭环方案

https://github.com/ztosec/hunter

[恶意分析]  Manually Unpacking UPX Executables

https://kindredsec.com/2020/01/07/the-basics-of-packed-malware-manually-unpacking-upx-executables/

[漏洞分析]  pwn的艺术浅谈(二):linux堆相关

https://paper.seebug.org/1109/

[数据挖掘]  知识图谱构建技术综述与实践

https://zhuanlan.zhihu.com/p/69360094

[论文]  G.O.S.S.I.P 安全学术会议排行榜(2019版)

https://feysh.com/ranking/

[漏洞分析]  CVE-2019-1215 Analysis of a Use After Free in ws2ifsl

https://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/

[Web安全]  The Cypher Injection Saga

https://sidechannel.tempestsi.com/the-cypher-injection-saga-9698d19bed4

[Web安全]  The Bug That Exposed Your PayPal Password

https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9

[工具]  DNS Beacon through DNSMasq Redirectors

http://www.offensiveops.io/red-team/dns-beacon-through-dnsmasq-redirectors/

[漏洞分析]  A tale of a lesser known NFS privesc

https://www.errno.fr/nfs_privesc

-----微信ID:SecWiki-----
SecWiki,8年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第306期)

footer.png

来源:freebuf.com 2020-01-13 18:19:50 by: SecWiki

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享
评论 抢沙发

请登录后发表评论