SecWiki Weekly (Issue 271)
2019/05/06-2019/05/12
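Security News
Samsung leaks SmartThings app source code and keys
Ele.me's Wang Bin: Security is fairness, and achieving it depends on operations
Intelligence Command Center joins the ranks of organs directly under the Ministry of Public Security
Prague 5G Security Conference "Prague Proposals"
FBI seizes DeepDotWeb and arrests its administrators
Burger King's online store for children leaks tens of thousands of customer records
Symantec joins the US Department of Defense's cyber threat intelligence sharing program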
Security Technology
EL3 Tour: Get the Ultimate Privilege of Android Phone
Free Chinese-language books on computer programming
Third-party dependency security scanning with SonarQube + DependencyCheck
A mind map of Android security
Graph algorithms for financial risk control and anti-fraud
HTTPDecrypt: remote encryption and decryption of packets over HTTP, for an end-to-end Burp workflow
2019 虎鲸杯 (Orca Cup) digital forensics competition: post-event review and summary
Reading the feuds of the cyber underworld from attack and defense logs
On ensuring service stability
SSH login problems and troubleshooting approaches
Cybersecurity General Knowledge (1): Why cybersecurity exists: online first
Android Application Diffing: CVE-2019-10875 Inspection
D-Link camera vulnerability allows attackers to tap into the video stream
Traffic detection with Suricata and ELK
Feathering for SSIDs
My CSP bypass approaches and summary
Exploiting Logic Bugs in JavaScript JIT Engines
itops: an AD\Exchange management system based on Python + Django
How to attack RMI-based JMX services
A statistical-analysis-based ICMP tunnel detection method and its implementation
Hack The Box - BigHead
Exploit for CVE-2019-9810 Firefox on Windows 64 bits
Taking Control of VMware Through the Universal Host Controller Interface: Part 1
wpbullet: A static code analysis for WordPress (and PHP)
Some common techniques in intrusion tracing
Bypassing web firewalls with the x-up-devcap-post-charset request header in ASP.NET
Developing and applying a proxy honeypot in practice
The Rashomon behind the theft of 26 million TRX
Cisco Talos reports hard-coded credentials in Alpine Linux Docker images
x-up-devcap-post-charset Header in ASP.NET to Bypass WAFs Again!
How to Reverse Malware on macOS Without Getting Infected | Part 1
Command injection by setting a custom search engine
Hijacking browser TLS traffic through Client Domain Hooking
List of Awesome Asset Discovery Resources
SecWiki Weekly (Issue 270)
Watermark: a library for adding watermarks to web pages
write-after-free vulnerability in Firefox, Analysis and Exploitation
"Unhackable" biometric USB drive transmits passwords in plaintext
Open Source SIRP with Elasticsearch and TheHive
Tale of a Wormable Twitter XSS
ExtAnalysis: Browser Extension Analysis Framework
A reverse-engineering journey into Broadcom wireless chipsets
From zero to tfp0 - Part 2: Walkthrough of the voucher_swap exploit
Comprehensive walkthrough of the LTDH19 RE challenges
Looking inside the box
Eight Devices, One Exploit
Research related to Browser, Mitigation, Kernel and other exploitation topics
2019 Data Breach Investigations Report
The XSS challenge that +100k people saw but only 90 solved
A guide to offline CTF attack and defense
Exploring Mimikatz - Part 1
SSH Honey Keys
How to get started with knowledge graphs
tetanus: Helper script for mangling CS payloads
How to attack the control servers of the Mirai botnet (and its variants)?
Using Win95 kernel32.dll exports like a virus
Detailed Analysis of macOS Vulnerability CVE-2019-8507
Bashter: Web Crawler, Scanner, and Analyzer Framework (Shell-Script based)
Unpacking Redaman Malware & Basics of Self-Injection Packers
Throwing 500 vm’s at your fuzzing target being an individual security researcher
On quickly getting a Webshell during security testing
From Zero to tfp0 - Part 1: Prologue
Analysis of the XMLDecoder parsing flow
Finding Registry Malware Persistence with RECmd
Security Data Science Learning Resources
Malicious DLL execution using Apple's APSDaemon.exe signed binary
An Old Cisco OpenSSH Bug
Vulmap: Vulmap Online Local Vulnerability Scanners Project
The Rashomon behind the theft of 26 million TRX - Part 2
response: Monzo's real-time incident response and reporting tool
WeChat ID: SecWiki
SecWiki has focused on security technology news and analysis for 12 years!
SecWiki: https://www.sec-wiki.com
Original address of this issue: SecWiki Weekly (Issue 271)