SecWiki周刊(第297期)
2019/11/04-2019/11/10
安全资讯
中国网络安全细分领域矩阵图(Matrix 2019.11)发布
https://mp.weixin.qq.com/s/K1l7VKXE_UMTzmGkYgRGXg
https://mp.weixin.qq.com/s/K1l7VKXE_UMTzmGkYgRGXg
从本质看未来:对网络安全行业的深度思考
https://mp.weixin.qq.com/s/pYxoDxpSQSu867lmIbsWyg
https://mp.weixin.qq.com/s/pYxoDxpSQSu867lmIbsWyg
安全技术
绿盟科技漏洞扫描器(RSAS)漏洞知识库
https://github.com/biggerwing/nsfocus-rsas-knowledge-base
https://github.com/biggerwing/nsfocus-rsas-knowledge-base
Android应用逻辑漏洞半自动化挖掘思路
https://mp.weixin.qq.com/s/tFFe_LOs0e1Po8nj9ifmKg
https://mp.weixin.qq.com/s/tFFe_LOs0e1Po8nj9ifmKg
华为手机副总裁不拦着友商使用多屏协同,于是我...
https://mp.weixin.qq.com/s/RnFXcn_Lj3lfQguv8EQeJw
https://mp.weixin.qq.com/s/RnFXcn_Lj3lfQguv8EQeJw
Bypassing GitHub OAuth flow
https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
基于ATT&CK框架的红蓝对抗
https://mp.weixin.qq.com/s/hpc3hIfZxWx11pwKvSy7Ww
https://mp.weixin.qq.com/s/hpc3hIfZxWx11pwKvSy7Ww
Android静态代码扫描效率优化与实践
https://tech.meituan.com/2019/11/07/android-static-code-canning.html
https://tech.meituan.com/2019/11/07/android-static-code-canning.html
2019年度容器安全现状分析
https://mp.weixin.qq.com/s/jtDlMe5SprpZfIfXryAjzg
https://mp.weixin.qq.com/s/jtDlMe5SprpZfIfXryAjzg
对基础 shell 进行流量混淆
https://green-m.me//2019/11/06/encrypt-reverse-shell/
https://green-m.me//2019/11/06/encrypt-reverse-shell/
Powershell攻击指南----黑客后渗透之道
https://github.com/rootclay/Powershell-Attack-Guide
https://github.com/rootclay/Powershell-Attack-Guide
Chakra漏洞调试笔记5-CVE-2019-0861复现
https://www.anquanke.com/post/id/190533
https://www.anquanke.com/post/id/190533
radar: 实时风控引擎(Risk Engine)
https://github.com/wfh45678/radar
https://github.com/wfh45678/radar
SecWiki周刊(第296期)
https://www.sec-wiki.com/weekly/296
https://www.sec-wiki.com/weekly/296
CVE-2019-1414 a Local Command Execution in Visual Studio Code
https://iwantmore.pizza/posts/cve-2019-1414.html
https://iwantmore.pizza/posts/cve-2019-1414.html
APT35研究白皮书(二)
https://www.freebuf.com/articles/network/216557.html
https://www.freebuf.com/articles/network/216557.html
网络空间靶场发展态势综述②JCOR
https://mp.weixin.qq.com/s/HKRVbjizwN3SeIvroXV_5g
https://mp.weixin.qq.com/s/HKRVbjizwN3SeIvroXV_5g
Python可视化利器Yellowbrick实践
https://blog.csdn.net/together_cz/article/details/86640784
https://blog.csdn.net/together_cz/article/details/86640784
社交网络在开源安全情报中的应用(一)
https://mp.weixin.qq.com/s/QTcvAtaSe1jWvGTg9ZcfiQ
https://mp.weixin.qq.com/s/QTcvAtaSe1jWvGTg9ZcfiQ
网络空间靶场发展态势综述-JIOR
https://mp.weixin.qq.com/s/B_oA7FCkFnRj4WOyVeFGmA
https://mp.weixin.qq.com/s/B_oA7FCkFnRj4WOyVeFGmA
数据挖掘领头人韩家炜教授:如何从无结构文本到有用的知识?
https://mp.weixin.qq.com/s/aKGh9wOdWsleSted_iEmBQ
https://mp.weixin.qq.com/s/aKGh9wOdWsleSted_iEmBQ
APT35研究白皮书(一)
https://www.freebuf.com/articles/network/216388.html
https://www.freebuf.com/articles/network/216388.html
Shellcode编码技术
https://xz.aliyun.com/t/6665
https://xz.aliyun.com/t/6665
深度学习实体关系抽取研究综述(下)
https://mp.weixin.qq.com/s/vefsmswv8aTA1zF5lJ_WxA
https://mp.weixin.qq.com/s/vefsmswv8aTA1zF5lJ_WxA
深度学习实体关系抽取研究综述(中)
https://mp.weixin.qq.com/s/-_jSyABp6oti_PbILrHqtg
https://mp.weixin.qq.com/s/-_jSyABp6oti_PbILrHqtg
关于子域名劫持的一些总结
https://xz.aliyun.com/t/6683
https://xz.aliyun.com/t/6683
PHP反序列化拓展攻击详解--phar
https://xz.aliyun.com/t/6699
https://xz.aliyun.com/t/6699
深度学习实体关系抽取研究综述(上)
https://mp.weixin.qq.com/s/_1bWSYIeGpkJyrSfSNhVdw
https://mp.weixin.qq.com/s/_1bWSYIeGpkJyrSfSNhVdw
聊聊对目前Passive IAST的思考
http://rui0.cn/archives/1175
http://rui0.cn/archives/1175
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第297期)
