SecWiki周刊(第310期)
2020/02/03-2020/02/09
安全技术
[Web安全]  HTB系列-靶机Bitlab的渗透测试
https://mp.weixin.qq.com/s/ShACPmfP2gASTFY0trQLSw
[Web安全]  MySQL客户端jdbc反序列化漏洞payload
https://github.com/codeplutos/MySQL-JDBC-Deserialization-Payload
[工具]  JSONP-Hunter: JSONP Hunter in Burpsuite
https://github.com/p1g3/JSONP-Hunter
[编程技术]  从0开始入门Chrome Ext安全(番外篇) -- Zoomeye Tools
https://lorexxar.cn/2020/02/03/chrome-ext-3/
[漏洞分析]  Chrome漏洞调试笔记2-CVE-2019-0808
https://www.anquanke.com/post/id/197892
[漏洞分析]  机器学习在二进制代码相似性分析中的应用
https://mp.weixin.qq.com/s/QGhA2LanCq5KSUYT5uBf9A
[运维安全]  如何利用AgentSmith-HIDS检测反弹shell
https://xz.aliyun.com/t/7158
[杂志]  SecWiki周刊(第309期)
https://www.sec-wiki.com/weekly/309
[取证分析]  一次对BT种子的追踪小记
https://www.freebuf.com/articles/network/226069.html
[运维安全]  零信任原生安全:超越云原生安全
https://mp.weixin.qq.com/s/hOcMlzQJ4jPlROc4Rvvk5Q
[Web安全]  红队行动之鱼叉攻击
https://payloads.online/archivers/2020-02-05/1
[设备安全]  车联网安全系列——特斯拉iBeacon隐私泄露
https://www.anquanke.com/post/id/197750
[数据挖掘]  打造一个通用的信息推送框架
https://xz.aliyun.com/t/7165
[数据挖掘]  一站式机器学习平台建设实践
https://tech.meituan.com/2020/01/23/meituan-delivery-machine-learning.html
[取证分析]  Mail PassView – Extract Lost Email Passwords
https://www.nirsoft.net/utils/mailpv.html
[漏洞分析]  那些shellcode免杀总结
https://xz.aliyun.com/t/7170
[数据挖掘]  多知识图谱的融合算法探索
https://zhuanlan.zhihu.com/p/105203565
[恶意分析]  Real-time detection of high-risk attacks leveraging Kerberos and SMB
https://github.com/sisoc-tokyo/Real-timeDetectionAD_jornal
[恶意分析]  Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed
https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-revealed/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第310期)