SecWiki周刊(第266期)
2019/04/01-2019/04/07
安全资讯
揭秘高利贷与黑产的血色战争
https://mp.weixin.qq.com/s/AK6_wP_JtMW5DxzRyWaXXg
https://mp.weixin.qq.com/s/AK6_wP_JtMW5DxzRyWaXXg
美国常春藤名校Georgia Tech曝出影响130万人的数据泄漏事件
https://nosec.org/home/detail/2450.html
https://nosec.org/home/detail/2450.html
安全技术
一个XSS挖矿马的曲折历程
https://mp.weixin.qq.com/s/SnYoJlCpJDU4sqo3T4Q8EA
https://mp.weixin.qq.com/s/SnYoJlCpJDU4sqo3T4Q8EA
Weblogic漏洞——从入门到放弃
https://mp.weixin.qq.com/s/X0mCJECAzyqxDBwhlP_3hg
https://mp.weixin.qq.com/s/X0mCJECAzyqxDBwhlP_3hg
网络空间安全的RSS订阅
https://github.com/zer0yu/CyberSecurityRSS
https://github.com/zer0yu/CyberSecurityRSS
RemTeam攻击技巧和安全防御
https://xz.aliyun.com/t/4602
https://xz.aliyun.com/t/4602
Burp插件 – 自动标记敏感信息
https://mp.weixin.qq.com/s/v7W33rM0HF0rJl8-qBiPUw
https://mp.weixin.qq.com/s/v7W33rM0HF0rJl8-qBiPUw
工控安全从入门到实战——概述(一)
https://mp.weixin.qq.com/s/JoBQ-RB5ANRrf2ic8ArDpQ
https://mp.weixin.qq.com/s/JoBQ-RB5ANRrf2ic8ArDpQ
AFL源码分析笔记(一)
https://xz.aliyun.com/t/4628
https://xz.aliyun.com/t/4628
S&P 2019 论文录用列表
https://mp.weixin.qq.com/s/ZHcikLKeF9ZJg9kyrX-UrA
https://mp.weixin.qq.com/s/ZHcikLKeF9ZJg9kyrX-UrA
重现 TP-Link SR20 本地网络远程代码执行漏洞
https://paper.seebug.org/879/
https://paper.seebug.org/879/
Vulncode-DB: database for vulnerabilities and corresponding source code
https://github.com/google/vulncode-db
https://github.com/google/vulncode-db
谁劫持了我的DNS:全球域名解析路径劫持测量与分析
https://mp.weixin.qq.com/s/enasXD14SMzj1Cx5grGD3w
https://mp.weixin.qq.com/s/enasXD14SMzj1Cx5grGD3w
.NET CLR注入方法探讨
https://zhuanlan.zhihu.com/p/61464591
https://zhuanlan.zhihu.com/p/61464591
Hashcat教程:利用“规则”破解密码
https://nosec.org/home/detail/2447.html
https://nosec.org/home/detail/2447.html
metinfo 6.2.0最新版本前台注入分析
https://nosec.org/home/detail/2436.html
https://nosec.org/home/detail/2436.html
[硬核文] 前端核心代码保护技术面面观
https://www.v2ex.com/t/552383
https://www.v2ex.com/t/552383
使用深度神经网络对 Twitter进行威胁检测
https://mp.weixin.qq.com/s/vsCAE-6e0jpX8wPw6Sd9eA
https://mp.weixin.qq.com/s/vsCAE-6e0jpX8wPw6Sd9eA
Google搜索的DOM型XSS漏洞
https://nosec.org/home/detail/2449.html
https://nosec.org/home/detail/2449.html
kaggle 首战拿金牌总结
https://zhuanlan.zhihu.com/p/60953933
https://zhuanlan.zhihu.com/p/60953933
document-style-guide: 中文技术文档的写作规范
https://github.com/ruanyf/document-style-guide
https://github.com/ruanyf/document-style-guide
移动应用安全基础篇——Android、ios环境准备
https://mp.weixin.qq.com/s/96cAZy8lsNYFK4c1tpTWuw
https://mp.weixin.qq.com/s/96cAZy8lsNYFK4c1tpTWuw
OSINT Primer:人员(第2部分)
https://xz.aliyun.com/t/4599
https://xz.aliyun.com/t/4599
攻击者如何通过USB攻陷微控制器固件
https://nosec.org/home/detail/2434.html
https://nosec.org/home/detail/2434.html
APT战争中脚本攻击的兵法之道
https://mp.weixin.qq.com/s/r-jAWFjtOxgd-JyVStFvsg
https://mp.weixin.qq.com/s/r-jAWFjtOxgd-JyVStFvsg
I-See-You: Bash and Javascript tool to find the exact location of user
https://github.com/Viralmaniar/I-See-You
https://github.com/Viralmaniar/I-See-You
Examining aspects of encrypted traffic through Zeek logs
https://corelight.blog/2019/02/19/examining-aspects-of-encrypted-traffic-through-zeek-logs/
https://corelight.blog/2019/02/19/examining-aspects-of-encrypted-traffic-through-zeek-logs/
在调试器里看QQLive捉迷藏
https://mp.weixin.qq.com/s/3Ft6205f8kUoCuGzB-hPtg
https://mp.weixin.qq.com/s/3Ft6205f8kUoCuGzB-hPtg
前端动态变化对抗Selenium类自动化工具思路探索
http://www.polaris-lab.com/index.php/archives/619/
http://www.polaris-lab.com/index.php/archives/619/
OSINT Primer:组织(第3部分)
https://xz.aliyun.com/t/4600
https://xz.aliyun.com/t/4600
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第266期)
