SecWiki周刊(第305期)
2019/12/30-2020/01/05
安全资讯
数世咨询:2019年网络安全大事记
https://mp.weixin.qq.com/s/APOEaYrubmWupFRPbbjfkw
https://mp.weixin.qq.com/s/APOEaYrubmWupFRPbbjfkw
维他命2019大盘点之安全事件/漏洞篇
https://mp.weixin.qq.com/s/AsVZawBtipQzSdgJHt7eiw
https://mp.weixin.qq.com/s/AsVZawBtipQzSdgJHt7eiw
App违法违规收集使用个人信息行为认定方法
http://www.cac.gov.cn/2019-12/27/c_1578986455686625.htm
http://www.cac.gov.cn/2019-12/27/c_1578986455686625.htm
安全技术
XDef 2019 Slide
https://www.hackinn.com/index.php/archives/516/
https://www.hackinn.com/index.php/archives/516/
青藤云Webshell查杀绕过
https://www.bacde.me/post/QingtengCloud-Bypass-Php-Webshell/
https://www.bacde.me/post/QingtengCloud-Bypass-Php-Webshell/
Java Exploit编写——GoldenEye篇(上)
http://blog.blankshell.com/2020/01/02/java-exploit%e7%bc%96%e5%86%99-goldeneye%e7%af%87%ef%bc%88%e4%b8%8a%ef%bc%89/
http://blog.blankshell.com/2020/01/02/java-exploit%e7%bc%96%e5%86%99-goldeneye%e7%af%87%ef%bc%88%e4%b8%8a%ef%bc%89/
Java Exploit编写——GoldenEye篇(下)
http://blog.blankshell.com/2020/01/02/java-exploit%e7%bc%96%e5%86%99-goldeneye%e7%af%87%ef%bc%88%e4%b8%8b%ef%bc%89/
http://blog.blankshell.com/2020/01/02/java-exploit%e7%bc%96%e5%86%99-goldeneye%e7%af%87%ef%bc%88%e4%b8%8b%ef%bc%89/
KCTF2019_q4_第十题_幕后之王
https://bbs.pediy.com/thread-256969.htm
https://bbs.pediy.com/thread-256969.htm
渗透测试Window平台中 Certutil的使用
https://mp.weixin.qq.com/s/4jZBIRqbQ7UR7BXz2zdZtA
https://mp.weixin.qq.com/s/4jZBIRqbQ7UR7BXz2zdZtA
网络犯罪反制:714高炮与金融行业
https://mp.weixin.qq.com/s/yPTeg1Ue8AWq7dIZSqPrKw
https://mp.weixin.qq.com/s/yPTeg1Ue8AWq7dIZSqPrKw
CTF比赛中Linux环境中绕过受限的shell或bash环境的多种方式
https://mp.weixin.qq.com/s/O7n93QpLwuCCQySpZe-CkA
https://mp.weixin.qq.com/s/O7n93QpLwuCCQySpZe-CkA
SecIoT-Web: IoT漏洞检测平台
https://github.com/wrlu/SecIoT-Web
https://github.com/wrlu/SecIoT-Web
北京智源大会 PPT 合集
https://slides.baai.ac.cn/2019/
https://slides.baai.ac.cn/2019/
响尾蛇APT组织针对巴基斯坦最近的活动以及2019年该组织的活动总结
https://mp.weixin.qq.com/s/CZrdslzEs4iwlaTzJH7Ubg
https://mp.weixin.qq.com/s/CZrdslzEs4iwlaTzJH7Ubg
在Tesla Model S上实现Wi-Fi协议栈漏洞的利用
https://mp.weixin.qq.com/s/rULdN3wVKyR3GlGBhunpoQ
https://mp.weixin.qq.com/s/rULdN3wVKyR3GlGBhunpoQ
域渗透| Kerberos攻击速查表
https://mp.weixin.qq.com/s/_a9rX1R8EWR-4qCXqlGv4w
https://mp.weixin.qq.com/s/_a9rX1R8EWR-4qCXqlGv4w
SecWiki周刊(第304期)
https://www.sec-wiki.com/weekly/304
https://www.sec-wiki.com/weekly/304
ATT&CK攻击艺术的科学化
https://mp.weixin.qq.com/s/UITOiXwpETDZn2UvG9ChvA
https://mp.weixin.qq.com/s/UITOiXwpETDZn2UvG9ChvA
优秀博士系统能力培养(PPT)
https://mp.weixin.qq.com/s/9zKM6hQZOYRjr5IeawgsKA
https://mp.weixin.qq.com/s/9zKM6hQZOYRjr5IeawgsKA
安全学术圈2019年度总结
https://mp.weixin.qq.com/s/VrrQCLOfthxNTFhEqdT3xA
https://mp.weixin.qq.com/s/VrrQCLOfthxNTFhEqdT3xA
源头之战,不断升级的攻防对抗技术 —— 软件供应链攻击防御探索
https://security.tencent.com/index.php/blog/msg/140
https://security.tencent.com/index.php/blog/msg/140
JWT攻击手册:如何入侵你的Token
https://mp.weixin.qq.com/s/BH-gmMpHUkMvBcSBgJWnwA
https://mp.weixin.qq.com/s/BH-gmMpHUkMvBcSBgJWnwA
作为个体如何做安全运营
https://zhuanlan.zhihu.com/p/100610851
https://zhuanlan.zhihu.com/p/100610851
一份超级实用的勒索病毒自救指南
https://mp.weixin.qq.com/s/McMyk8ZJkEZJu10c8U5k7w
https://mp.weixin.qq.com/s/McMyk8ZJkEZJu10c8U5k7w
国外某cms审计之文件删除漏洞
https://xz.aliyun.com/t/6999
https://xz.aliyun.com/t/6999
S&P2020-Savior:漏洞导向的混合模糊测试技术
https://mp.weixin.qq.com/s/hW8ned6DIRJ7mx1657dVew
https://mp.weixin.qq.com/s/hW8ned6DIRJ7mx1657dVew
麒麟框架: Advanced Binary Emulation framework
https://www.qiling.io/zh/
https://www.qiling.io/zh/
Log4j反序列化分析(CVE-2019-17571&CVE-2017-5645)
https://xz.aliyun.com/t/7010
https://xz.aliyun.com/t/7010
跨站脚本(XSS)备忘录-2019版
https://mp.weixin.qq.com/s/Q9Vjcj4W8F0ZQQi6P7djWA
https://mp.weixin.qq.com/s/Q9Vjcj4W8F0ZQQi6P7djWA
某大型集团企业信息安全实践总结暨信息安全应急案例分享
https://www.anquanke.com/post/id/196200
https://www.anquanke.com/post/id/196200
通过AST来手撕Pickle opcode
https://xz.aliyun.com/t/7012
https://xz.aliyun.com/t/7012
代码审计zzcms
https://xz.aliyun.com/t/7006
https://xz.aliyun.com/t/7006
Fuzzing PHP with Domato
https://blog.jmpesp.org/2020/01/fuzzing-php-with-domato.html
https://blog.jmpesp.org/2020/01/fuzzing-php-with-domato.html
domdig: DOM XSS scanner for Single Page Applications
https://github.com/fcavallarin/domdig
https://github.com/fcavallarin/domdig
卡内基梅隆大学报告《迁移到云中面临的风险,威胁和漏洞概述》笔记
https://www.sec-un.org/%e5%8d%a1%e5%86%85%e5%9f%ba%e6%a2%85%e9%9a%86%e5%a4%a7%e5%ad%a6%e6%8a%a5%e5%91%8a%e3%80%8a%e8%bf%81%e7%a7%bb%e5%88%b0%e4%ba%91%e4%b8%ad%e9%9d%a2%e4%b8%b4%e7%9a%84%e9%a3%8e%e9%99%a9%ef%bc%8c%e5%a8%81/
https://www.sec-un.org/%e5%8d%a1%e5%86%85%e5%9f%ba%e6%a2%85%e9%9a%86%e5%a4%a7%e5%ad%a6%e6%8a%a5%e5%91%8a%e3%80%8a%e8%bf%81%e7%a7%bb%e5%88%b0%e4%ba%91%e4%b8%ad%e9%9d%a2%e4%b8%b4%e7%9a%84%e9%a3%8e%e9%99%a9%ef%bc%8c%e5%a8%81/
日志分析系列(外传二):Nginx日志统一化
https://mp.weixin.qq.com/s/SsDo92xxGxy1ajwEPtc_rg
https://mp.weixin.qq.com/s/SsDo92xxGxy1ajwEPtc_rg
PowerShell渗透–Empire
https://mp.weixin.qq.com/s/giBR-rnpm51cDE4aude2tg
https://mp.weixin.qq.com/s/giBR-rnpm51cDE4aude2tg
渗透测试实战—多网段多场景靶机入侵实战
https://www.anquanke.com/post/id/196032
https://www.anquanke.com/post/id/196032
机器学习之KNN检测恶意流量
https://www.freebuf.com/articles/web/223056.html
https://www.freebuf.com/articles/web/223056.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第305期)
