SecWiki周刊(第288期)
2019/09/02-2019/09/08
安全资讯
2019年上半年上市网络安全公司经营简报
https://mp.weixin.qq.com/s/huQKnnsQtLn0uVZj-wz0Uw
https://mp.weixin.qq.com/s/huQKnnsQtLn0uVZj-wz0Uw
安全技术
端对端加密的微信聊天插件
https://github.com/dplusec/tgwechat
https://github.com/dplusec/tgwechat
反弹shell的学习总结 - Part 2
https://mp.weixin.qq.com/s/S9Luvf2Drj4aDqKWUJjTwg
https://mp.weixin.qq.com/s/S9Luvf2Drj4aDqKWUJjTwg
JWTPyCrack-JWT攻击脚本
https://github.com/Ch1ngg/JWTPyCrack
https://github.com/Ch1ngg/JWTPyCrack
安全开源项目之越权漏洞自动化检测
https://mp.weixin.qq.com/s/vwF7aTvk-U-SnJqO3f80gA
https://mp.weixin.qq.com/s/vwF7aTvk-U-SnJqO3f80gA
(CVE-2019-1030) Microsoft Edge - Universal XSS
https://leucosite.com/Microsoft-Edge-uXSS/
https://leucosite.com/Microsoft-Edge-uXSS/
百度实体链接比赛后记:行为建模和实体链接(含代码分享)
https://mp.weixin.qq.com/s/hIGmW_J5xEvLUXa4hFHzsA
https://mp.weixin.qq.com/s/hIGmW_J5xEvLUXa4hFHzsA
[ipa破解器] 零代码一键生成免越狱ipa!
http://iosre.com/t/ipa-ipa/15494
http://iosre.com/t/ipa-ipa/15494
企业如何构建有效的安全运营体系
https://mp.weixin.qq.com/s/JJkQ8S4qw0RigOoA9Xzhyw
https://mp.weixin.qq.com/s/JJkQ8S4qw0RigOoA9Xzhyw
CoinBlockerLists
https://zerodot1.gitlab.io/CoinBlockerListsWeb/
https://zerodot1.gitlab.io/CoinBlockerListsWeb/
2019 suctf writeup
http://zeroyu.xyz/2019/09/05/2019-suctf-writeup/
http://zeroyu.xyz/2019/09/05/2019-suctf-writeup/
fireeye/SharPersist
https://github.com/fireeye/SharPersist
https://github.com/fireeye/SharPersist
FastJson拒绝服务漏洞分析
https://nosec.org/home/detail/2933.html
https://nosec.org/home/detail/2933.html
Linux环境下无文件执行elf
http://www.polaris-lab.com/index.php/archives/666/
http://www.polaris-lab.com/index.php/archives/666/
一款漏洞验证框架的构思
https://nosec.org/home/detail/2919.html
https://nosec.org/home/detail/2919.html
社交网络影响集体决策,或改变选举结果
https://mp.weixin.qq.com/s/KqyF7epXWRhaT4spGWHXSw
https://mp.weixin.qq.com/s/KqyF7epXWRhaT4spGWHXSw
Grahql查询漏洞所引起的敏感信息泄露
https://nosec.org/home/detail/2922.html
https://nosec.org/home/detail/2922.html
Deep learning rises: New methods for detecting malicious PowerShell
https://www.microsoft.com/security/blog/2019/09/03/deep-learning-rises-new-methods-for-detecting-malicious-powershell/
https://www.microsoft.com/security/blog/2019/09/03/deep-learning-rises-new-methods-for-detecting-malicious-powershell/
通过基于时间的侧信道攻击识别WAF规则
https://xz.aliyun.com/t/6175
https://xz.aliyun.com/t/6175
推特的Golden Pulse Secure SSL VPN远程命令执行攻击链条
https://nosec.org/home/detail/2924.html
https://nosec.org/home/detail/2924.html
Logitech Unifying Vulnerabilities
https://github.com/mame82/UnifyingVulnsDisclosureRepo/tree/master/vulnerability_reports
https://github.com/mame82/UnifyingVulnsDisclosureRepo/tree/master/vulnerability_reports
SecWiki周刊(第287期)
https://www.sec-wiki.com/weekly/287
https://www.sec-wiki.com/weekly/287
一种基于欺骗防御的入侵检测技术研究
https://mp.weixin.qq.com/s/6BEY9qpi0rfk1_T1k1lWmg
https://mp.weixin.qq.com/s/6BEY9qpi0rfk1_T1k1lWmg
Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain
http://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
http://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
利用ptrace和memfd_create混淆程序名和参数
https://mp.weixin.qq.com/s/ab9GKXfaNeGLiBbp6_jh-A
https://mp.weixin.qq.com/s/ab9GKXfaNeGLiBbp6_jh-A
Linux环境下无文件执行elf
https://mp.weixin.qq.com/s/gz77Yy3yKPM10JsDg1oyiw
https://mp.weixin.qq.com/s/gz77Yy3yKPM10JsDg1oyiw
Evading Machine Learning Malware Classifiers
https://medium.com/@william.fleshman/evading-machine-learning-malware-classifiers-ce52dabdb713
https://medium.com/@william.fleshman/evading-machine-learning-malware-classifiers-ce52dabdb713
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第288期)
