SecWiki周刊(第256期)
2019/01/21-2019/01/27
安全资讯
Presentation Skill: 从学术到商业
https://mp.weixin.qq.com/s/Frge3EX8sEdOEuygHEJNkg
https://mp.weixin.qq.com/s/Frge3EX8sEdOEuygHEJNkg
美国发布《2019国家情报战略》
https://mp.weixin.qq.com/s/44RDuUmw00Rz_LQeU4QJOQ
https://mp.weixin.qq.com/s/44RDuUmw00Rz_LQeU4QJOQ
2018年国际网络安全形势回顾
https://mp.weixin.qq.com/s/B9ZKTBS8VsvAkUUKI7hrUQ
https://mp.weixin.qq.com/s/B9ZKTBS8VsvAkUUKI7hrUQ
2018 年度国内外网络空间安全形势回顾
https://mp.weixin.qq.com/s/tQmQljt0pWxWfTtd7_1bIw
https://mp.weixin.qq.com/s/tQmQljt0pWxWfTtd7_1bIw
安全技术
OpenDnsdb: 去哪儿网OPS团队开源的DNS管理系统
https://github.com/qunarcorp/open_dnsdb
https://github.com/qunarcorp/open_dnsdb
iOS渗透测试工具,第3篇:Frida与Objection
https://nosec.org/home/detail/2192.html
https://nosec.org/home/detail/2192.html
公链安全之以太坊君士坦丁堡重入漏洞分析
https://bcsec.org/index/detail/tag/2/id/465
https://bcsec.org/index/detail/tag/2/id/465
基于网络特征学习的个性化推荐系统 01
https://mp.weixin.qq.com/s/9hHDIrm32iPrX7xEHP_AKg
https://mp.weixin.qq.com/s/9hHDIrm32iPrX7xEHP_AKg
工业控制系统网络杀伤链(The ICS Cyber Kill Chain)
https://zhuanlan.zhihu.com/p/55119502
https://zhuanlan.zhihu.com/p/55119502
PhpSpreadsheet 1.5.0 XXE漏洞复现及分析
https://www.anquanke.com/post/id/170068
https://www.anquanke.com/post/id/170068
企业级自动化代码安全扫描实战
https://mp.weixin.qq.com/s/T6EYwGpEQr64OGXGj2R5eA
https://mp.weixin.qq.com/s/T6EYwGpEQr64OGXGj2R5eA
Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
大规模多租户数据平台安全思考(二)
https://www.anquanke.com/post/id/169959
https://www.anquanke.com/post/id/169959
2018年Windows漏洞年度盘点
https://mp.weixin.qq.com/s/CtjPAuCJ1znw6pGHlpaR1w
https://mp.weixin.qq.com/s/CtjPAuCJ1znw6pGHlpaR1w
对某HWP漏洞样本的shellcode分析
https://www.anquanke.com/post/id/169872
https://www.anquanke.com/post/id/169872
2018DDoS攻击-IP团伙行为分析报告
http://blog.nsfocus.net/behavior_analysis_of_ip_chain_gangs/
http://blog.nsfocus.net/behavior_analysis_of_ip_chain_gangs/
XXE萌新进阶全攻略
https://www.freebuf.com/vuls/194112.html
https://www.freebuf.com/vuls/194112.html
TripleDoggy: 基于clang static analyzer的源码漏洞检测插件
https://github.com/GoSSIP-SJTU/TripleDoggy
https://github.com/GoSSIP-SJTU/TripleDoggy
多种设备基于 SNMP 协议的敏感信息泄露漏洞数据分析报告
https://paper.seebug.org/795/
https://paper.seebug.org/795/
2019年哈尔滨ASC安全峰会的会议PPT
https://github.com/ansionasc/ASC/tree/master/2019
https://github.com/ansionasc/ASC/tree/master/2019
SecWiki周刊(第255期)
https://www.sec-wiki.com/weekly/255
https://www.sec-wiki.com/weekly/255
固件的逆向解包及破解方法
http://www.bincker.net/?p=835
http://www.bincker.net/?p=835
基于网络特征学习的个性化推荐系统 03#
https://mp.weixin.qq.com/s/O7f9p5kGIiH0M7kMcRMD7w
https://mp.weixin.qq.com/s/O7f9p5kGIiH0M7kMcRMD7w
大规模多租户数据平台安全思考(一)
https://www.anquanke.com/post/id/169958
https://www.anquanke.com/post/id/169958
vmware-exploitation: A bunch of links related to VMware escape exploits
https://github.com/xairy/vmware-exploitation
https://github.com/xairy/vmware-exploitation
IPOsint: Discovery IP Address of the target
https://github.com/j3ssie/IPOsint
https://github.com/j3ssie/IPOsint
深度长文:细说iOS代码签名
http://xelz.info/blog/2019/01/11/ios-code-signature/
http://xelz.info/blog/2019/01/11/ios-code-signature/
基于网络特征学习的个性化推荐系统 02#
https://mp.weixin.qq.com/s/ZLFnltcraIBuYOSjyhSCmQ
https://mp.weixin.qq.com/s/ZLFnltcraIBuYOSjyhSCmQ
Check Point Forensic Files: GandCrab Returns with Friends (Trojans)
https://blog.checkpoint.com/2019/01/18/check-point-forensic-files-gandcrab-returns-with-friends-trojans/
https://blog.checkpoint.com/2019/01/18/check-point-forensic-files-gandcrab-returns-with-friends-trojans/
FANCI: 基于特征的自动NXDomain分类和情报
http://www.arkteam.net/?p=4210
http://www.arkteam.net/?p=4210
Scrutiny on the bug bounty
https://xz.aliyun.com/t/3935
https://xz.aliyun.com/t/3935
5 Privilege Escalation Tools by Chiheb Chebbi
https://www.peerlyst.com/posts/5-privilege-escalation-tools-chiheb-chebbi?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post
https://www.peerlyst.com/posts/5-privilege-escalation-tools-chiheb-chebbi?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post
The wolf of name street hijackingdomains through their nameservers
https://mp.weixin.qq.com/s/Hwngr-y3KcK5WnR0AIZ0Kg
https://mp.weixin.qq.com/s/Hwngr-y3KcK5WnR0AIZ0Kg
BinCAT, our static binary code analyzer for reversers
https://github.com/airbus-seclab/bincat/releases/tag/v1.1
https://github.com/airbus-seclab/bincat/releases/tag/v1.1
关于风控预警体系的搭建方案
https://mp.weixin.qq.com/s/2r61XB_Po4s3ihkLy46xbA
https://mp.weixin.qq.com/s/2r61XB_Po4s3ihkLy46xbA
利用msbuild.exe绕过应用程序白名单安全机制的多种姿势
https://nosec.org/home/detail/2193.html
https://nosec.org/home/detail/2193.html
Rooting Nagios Via Outdated Libraries
https://medium.com/tenable-techblog/rooting-nagios-via-outdated-libraries-bb79427172
https://medium.com/tenable-techblog/rooting-nagios-via-outdated-libraries-bb79427172
html-similarity: Compare html similarity using structural and style metrics
https://github.com/matiskay/html-similarity
https://github.com/matiskay/html-similarity
Digital Forensics – PlugX and Artifacts left behind | Count Upon Security
https://countuponsecurity.com/2018/06/20/digital-forensics-plugx-and-artifacts-left-behind/
https://countuponsecurity.com/2018/06/20/digital-forensics-plugx-and-artifacts-left-behind/
Vidar窃密木马分析(下)
https://www.anquanke.com/post/id/170193
https://www.anquanke.com/post/id/170193
We're under attack! 23 Node.js security best practices
https://medium.com/@nodepractices/were-under-attack-23-node-js-security-best-practices-e33c146cb87d
https://medium.com/@nodepractices/were-under-attack-23-node-js-security-best-practices-e33c146cb87d
analysis-exposure-change-assets-iot-2018
http://blog.nsfocus.net/analysis-exposure-change-assets-iot-2018/
http://blog.nsfocus.net/analysis-exposure-change-assets-iot-2018/
black-energy-analysis
https://marcusedmondson.com/2019/01/18/black-energy-analysis/
https://marcusedmondson.com/2019/01/18/black-energy-analysis/
Automatic string formatting deobfuscation
https://xz.aliyun.com/t/3906
https://xz.aliyun.com/t/3906
Vidar窃密木马分析(上)
https://www.anquanke.com/post/id/170191
https://www.anquanke.com/post/id/170191
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第256期)
