SecWiki周刊(第276期)
2019/06/10-2019/06/16
安全资讯
个人信息出境安全评估办法(征求意见稿)
http://www.cac.gov.cn/2019-06/13/c_1124613618.htm
http://www.cac.gov.cn/2019-06/13/c_1124613618.htm
通报"净网2019"专项行动典型案例
https://mp.weixin.qq.com/s/P21rRO_tFo9ZDCrbDdIHGA
https://mp.weixin.qq.com/s/P21rRO_tFo9ZDCrbDdIHGA
安全技术
DEF CON China 1 presentations
https://media.defcon.org/DEF%20CON%20China%201/
https://media.defcon.org/DEF%20CON%20China%201/
Vxscan: python3写的综合扫描工具
https://github.com/al0ne/Vxscan
https://github.com/al0ne/Vxscan
aswan: 陌陌风控系统静态规则引擎
https://github.com/momosecurity/aswan
https://github.com/momosecurity/aswan
网安独角兽CrowdStrike IPO分析(一)
https://mp.weixin.qq.com/s/YHmQDUZze_qbmebaRlTKGg
https://mp.weixin.qq.com/s/YHmQDUZze_qbmebaRlTKGg
Coremail敏感文件泄露
https://nosec.org/home/detail/2709.html
https://nosec.org/home/detail/2709.html
xray:HTTP 代理进行被动扫描
https://github.com/chaitin/xray
https://github.com/chaitin/xray
基于Packetbeat探索搭建轻量级网络流量监测系统
https://mp.weixin.qq.com/s/Tx9nHxvp9ezd0hf1PZcmiQ
https://mp.weixin.qq.com/s/Tx9nHxvp9ezd0hf1PZcmiQ
Weblogic最新反序列化远程命令执行漏洞(绕过 CVE-2019-2725 补丁)
https://nosec.org/home/detail/2711.html
https://nosec.org/home/detail/2711.html
pwnable.tw hacknote wp
http://www.zerokeeper.com/pwn/pwnabletw-hacknote-wp.html
http://www.zerokeeper.com/pwn/pwnabletw-hacknote-wp.html
机器学习方法在二进制分析中的应用与思考
https://zhuanlan.zhihu.com/p/68538874
https://zhuanlan.zhihu.com/p/68538874
awesome-knowledge-graph: 整理知识图谱相关学习资料
https://github.com/husthuke/awesome-knowledge-graph
https://github.com/husthuke/awesome-knowledge-graph
2018年Android应用安全白皮书
https://mp.weixin.qq.com/s/sb2hndSGn_IpMWmSGC4rPg
https://mp.weixin.qq.com/s/sb2hndSGn_IpMWmSGC4rPg
企业安全建设的体系思考与落地实践
https://mp.weixin.qq.com/s/rmd8CvQKRMQWFR1o3t7I8w
https://mp.weixin.qq.com/s/rmd8CvQKRMQWFR1o3t7I8w
OPENVAS源码编译解析
https://www.freebuf.com/articles/system/110027.html
https://www.freebuf.com/articles/system/110027.html
无监督异常检测模型原理与安全实践
https://xz.aliyun.com/t/5378
https://xz.aliyun.com/t/5378
2019强网杯Web部分Writeup
https://www.freebuf.com/articles/web/205690.html
https://www.freebuf.com/articles/web/205690.html
安全分析中的威胁情报(一)
https://zhuanlan.zhihu.com/p/68780251
https://zhuanlan.zhihu.com/p/68780251
crawlab: 基于Celery的爬虫分布式爬虫管理平台
https://github.com/tikazyq/crawlab/blob/master/README-zh.md
https://github.com/tikazyq/crawlab/blob/master/README-zh.md
Defcon China 1.0 胸卡破解笔记
https://mp.weixin.qq.com/s/j4Dqhko9nnxeuDkLZKftDA
https://mp.weixin.qq.com/s/j4Dqhko9nnxeuDkLZKftDA
Evaluating threat intelligence sources
https://www.kaspersky.com/blog/evaluating-threat-intelligence/26952/
https://www.kaspersky.com/blog/evaluating-threat-intelligence/26952/
Heap Overflow Exploitation on Windows 10 Explained
https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/
https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/
针对Belkin Surf N300路由器的硬件逆向研究
https://www.4hou.com/reverse/18455.html
https://www.4hou.com/reverse/18455.html
基于污点分析的XSS漏洞辅助挖掘的一种方式
https://xz.aliyun.com/t/5380
https://xz.aliyun.com/t/5380
网安独角兽CrowdStrike IPO分析(二)
https://mp.weixin.qq.com/s/sNyqz3infRfvS__1zc9wjQ
https://mp.weixin.qq.com/s/sNyqz3infRfvS__1zc9wjQ
首届云安全挑战赛之线上热身赛解题分享
https://zhuanlan.zhihu.com/p/68800032
https://zhuanlan.zhihu.com/p/68800032
细说CVE-2010-2883从原理分析到样本构造
https://www.freebuf.com/vuls/204874.html
https://www.freebuf.com/vuls/204874.html
从Charles破解历程了解Javassist使用
https://www.freebuf.com/sectool/205520.html
https://www.freebuf.com/sectool/205520.html
Getting Started with ATT&CK: Threat Intelligence
https://medium.com/mitre-attack/getting-started-with-attack-cti-4eb205be4b2f
https://medium.com/mitre-attack/getting-started-with-attack-cti-4eb205be4b2f
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第276期)
