SecWiki周刊(第288期) – 作者:SecWiki

安全资讯

[新闻]  2019年上半年上市网络安全公司经营简报

https://mp.weixin.qq.com/s/huQKnnsQtLn0uVZj-wz0Uw

安全技术

[工具]  端对端加密的微信聊天插件

https://github.com/dplusec/tgwechat

[编程技术]  一款漏洞验证框架的构思

https://nosec.org/home/detail/2919.html

[Web安全]  各种反弹shell 的总结part2

https://mp.weixin.qq.com/s/S9Luvf2Drj4aDqKWUJjTwg

[数据挖掘]  大数据安全核心技术(摘自CSDN)

https://bloodzer0.github.io/ossa/data_security/big_data_security_copy/

[Web安全]  安全开源项目之越权漏洞自动化检测

https://mp.weixin.qq.com/s/vwF7aTvk-U-SnJqO3f80gA

[漏洞分析]  Grahql查询漏洞所引起的敏感信息泄露

https://nosec.org/home/detail/2922.html

[杂志]  SecWiki周刊(第287期)

https://www.sec-wiki.com/weekly/287

[运维安全]  企业如何构建有效的安全运营体系

https://mp.weixin.qq.com/s/JJkQ8S4qw0RigOoA9Xzhyw

[运维安全]  Linux环境下无文件执行elf

https://mp.weixin.qq.com/s/gz77Yy3yKPM10JsDg1oyiw

[移动安全]  [ipa破解器] 零代码一键生成免越狱ipa!

http://iosre.com/t/ipa-ipa/15494

[漏洞分析]  推特的Golden Pulse Secure SSL VPN远程命令执行攻击链条

https://nosec.org/home/detail/2924.html

[工具]  JWTPyCrack-JWT攻击脚本

https://github.com/Ch1ngg/JWTPyCrack

[其它]  网络空间搜索引擎概述

https://mp.weixin.qq.com/s/AdrOhuA0mpjCtdpWjPC1jg

[漏洞分析]  FastJson拒绝服务漏洞分析

https://nosec.org/home/detail/2933.html

[数据挖掘]  通过基于时间的侧信道攻击识别WAF规则

https://xz.aliyun.com/t/6175

[工具]  fireeye/SharPersist

https://github.com/fireeye/SharPersist

[恶意分析]  DNS 隧道通信特征与检测

http://blog.nsfocus.net/dns-tunnel-communication-characteristics-detection/

[恶意分析]  Evading Machine Learning Malware Classifiers

https://medium.com/@william.fleshman/evading-machine-learning-malware-classifiers-ce52dabdb713

[取证分析]  互联网公司数据安全保护新探索

https://tech.meituan.com/2018/05/20/data-security-protection-new-exploration.html

[恶意分析]  Deep learning rises: New methods for detecting malicious PowerShell

https://www.microsoft.com/security/blog/2019/09/03/deep-learning-rises-new-methods-for-detecting-malicious-powershell/

[运维安全]  利用ptrace和memfd_create混淆程序名和参数

https://mp.weixin.qq.com/s/ab9GKXfaNeGLiBbp6_jh-A

[数据挖掘]  百度实体链接比赛后记:行为建模和实体链接(含代码分享)

https://mp.weixin.qq.com/s/hIGmW_J5xEvLUXa4hFHzsA

[取证分析]  一种基于欺骗防御的入侵检测技术研究

https://mp.weixin.qq.com/s/6BEY9qpi0rfk1_T1k1lWmg

[比赛]  2019 suctf writeup

http://zeroyu.xyz/2019/09/05/2019-suctf-writeup/

[编程技术]  Linux环境下无文件执行elf

http://www.polaris-lab.com/index.php/archives/666/

[漏洞分析]  Logitech Unifying Vulnerabilities

https://github.com/mame82/UnifyingVulnsDisclosureRepo/tree/master/vulnerability_reports

[数据挖掘]  社交网络影响集体决策,或改变选举结果

https://mp.weixin.qq.com/s/KqyF7epXWRhaT4spGWHXSw

[漏洞分析]  Attacking SSL VPN – Part 3: The Golden Pulse Secure SSL VPN RCE Chain

http://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html

[Web安全]  (CVE-2019-1030) Microsoft Edge – Universal XSS

https://leucosite.com/Microsoft-Edge-uXSS/

[恶意分析]  CoinBlockerLists

https://zerodot1.gitlab.io/CoinBlockerListsWeb/

-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第288期)

footer.png

来源:freebuf.com 2019-09-09 18:21:13 by: SecWiki

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享
评论 抢沙发

请登录后发表评论