SecWiki周刊(第315期)
2020/03/09-2020/03/15
安全资讯
解密美国司法部起诉中国OTC承兑商洗钱案件
https://mp.weixin.qq.com/s/wWrm3gwT72Pc8Nxw-1OiSw
https://mp.weixin.qq.com/s/wWrm3gwT72Pc8Nxw-1OiSw
安全技术
网络流量分析引擎QNSM及其应用
https://mp.weixin.qq.com/s/flQdwQn9A1vxNs-iHQBHWA
https://mp.weixin.qq.com/s/flQdwQn9A1vxNs-iHQBHWA
2020 IoT Threat Report (解读版)
https://uxss.net/2020/03/12/2020%20IoT%20Threat%20Report%20%E8%A7%A3%E8%AF%BB/
https://uxss.net/2020/03/12/2020%20IoT%20Threat%20Report%20%E8%A7%A3%E8%AF%BB/
无文件执行:一切皆是shellcode(上篇)
https://mp.weixin.qq.com/s/Bv0xebGKaJ2GGwntKGq2NQ
https://mp.weixin.qq.com/s/Bv0xebGKaJ2GGwntKGq2NQ
基于协程的CVE-2020-0796快速检测脚本
https://github.com/GuoKerS/aioScan_CVE-2020-0796
https://github.com/GuoKerS/aioScan_CVE-2020-0796
The unexpected Google wide domain check bypass
https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/
https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/
物联网漏洞挖掘及利用实践:mips栈溢出
https://mp.weixin.qq.com/s/psVle6RAcTqX8VY_d4ouKg
https://mp.weixin.qq.com/s/psVle6RAcTqX8VY_d4ouKg
远控免杀专题-shellcode免杀实践
https://mp.weixin.qq.com/s/J78CPtHJX5ouN6fxVxMFgg
https://mp.weixin.qq.com/s/J78CPtHJX5ouN6fxVxMFgg
SOC_Sankey_Generator: 从SOC日志中进行数据ETL与数据可视化的工具
https://github.com/LennyLeng/SOC_Sankey_Generator
https://github.com/LennyLeng/SOC_Sankey_Generator
SecWiki周刊(第314期)
https://www.sec-wiki.com/weekly/314
https://www.sec-wiki.com/weekly/314
v8利用入门-从越界访问到rce
http://blog.topsec.com.cn/v8%e5%88%a9%e7%94%a8%e5%85%a5%e9%97%a8-%e4%bb%8e%e8%b6%8a%e7%95%8c%e8%ae%bf%e9%97%ae%e5%88%b0rce/
http://blog.topsec.com.cn/v8%e5%88%a9%e7%94%a8%e5%85%a5%e9%97%a8-%e4%bb%8e%e8%b6%8a%e7%95%8c%e8%ae%bf%e9%97%ae%e5%88%b0rce/
如何自建IoT实验室(一)
https://www.white-alone.com/%E5%A6%82%E4%BD%95%E8%87%AA%E5%BB%BAIoT%E5%AE%9E%E9%AA%8C%E5%AE%A4_1/
https://www.white-alone.com/%E5%A6%82%E4%BD%95%E8%87%AA%E5%BB%BAIoT%E5%AE%9E%E9%AA%8C%E5%AE%A4_1/
如何自建IoT实验室(二)
https://www.white-alone.com/%E5%A6%82%E4%BD%95%E8%87%AA%E5%BB%BAIoT%E5%AE%9E%E9%AA%8C%E5%AE%A4_2/
https://www.white-alone.com/%E5%A6%82%E4%BD%95%E8%87%AA%E5%BB%BAIoT%E5%AE%9E%E9%AA%8C%E5%AE%A4_2/
bayonet: SRC资产管理系统
https://github.com/CTF-MissFeng/bayonet
https://github.com/CTF-MissFeng/bayonet
远控免杀专题(8)-BackDoor-Factory免杀(VT免杀率13/71)
https://mp.weixin.qq.com/s/OO0KzQDl733XSfDAZ4wJXg
https://mp.weixin.qq.com/s/OO0KzQDl733XSfDAZ4wJXg
从0到1的虚拟机逃逸三部曲
https://xz.aliyun.com/t/7345
https://xz.aliyun.com/t/7345
srcinv: source code audit tool 代码审计工具
https://github.com/hardenedlinux/srcinv
https://github.com/hardenedlinux/srcinv
Chrome 浏览器越界写漏洞分析Part 1
https://www.anquanke.com/post/id/198629
https://www.anquanke.com/post/id/198629
Chrome 浏览器越界写漏洞分析Part 2
https://www.anquanke.com/post/id/198720
https://www.anquanke.com/post/id/198720
刺向巴勒斯坦的致命毒针——双尾蝎 APT 组织的攻击活动分析与总结
https://mp.weixin.qq.com/s/m9OtnrCZowfEQI7TTzCnzg
https://mp.weixin.qq.com/s/m9OtnrCZowfEQI7TTzCnzg
使用 Dom Clobbering 扩展 XSS
https://xz.aliyun.com/t/7329
https://xz.aliyun.com/t/7329
phpmyadmin getshell到提权
https://mp.weixin.qq.com/s/Zdpw0aX_Tey4__ltXI-a-A
https://mp.weixin.qq.com/s/Zdpw0aX_Tey4__ltXI-a-A
使用Powershell对目标进行屏幕监控
https://mp.weixin.qq.com/s/PfsdAVoS1GQTXWGlzknlWQ
https://mp.weixin.qq.com/s/PfsdAVoS1GQTXWGlzknlWQ
PHP 开源白盒审计工具初探(上)
https://mp.weixin.qq.com/s/gklKcFRR5erB2rdjr3BTUQ
https://mp.weixin.qq.com/s/gklKcFRR5erB2rdjr3BTUQ
owasp-threat-dragon-desktop: 威胁建模工具
https://github.com/mike-goodwin/owasp-threat-dragon-desktop
https://github.com/mike-goodwin/owasp-threat-dragon-desktop
PHP 开源白盒审计工具初探(下)
https://mp.weixin.qq.com/s/6Y7anVvO9C5_nqdJihuFMw
https://mp.weixin.qq.com/s/6Y7anVvO9C5_nqdJihuFMw
Kerberos概述及常见攻击场景
https://www.anquanke.com/post/id/200680
https://www.anquanke.com/post/id/200680
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第315期)
