SecWiki Weekly (Issue 319)
2020/04/06-2020/04/12
Security Technology
[Competition]  Write-up of a 360 Crowdsourced Testing Simulated Live-Range Assessment
https://xz.aliyun.com/t/7547
[Ops Security]  Zero Trust Architecture in Practice Series: Killing Passwords, Putting a Passwordless Scheme into Production
https://mp.weixin.qq.com/s/xs-xybNs6Ha6_-Qr_EE-qw
[Ops Security]  Notes on Building a Security Asset Management Platform
https://www.freebuf.com/sectool/231097.html
[Forensics]  ATT&CK Matrix Security Practice for Linux Systems
https://www.freebuf.com/articles/es/231784.html
[Ops Security]  Shadowsocks: An Analysis of the Data Confidentiality Principles of Transmission Based on Double Obfuscated Encryption
https://mp.weixin.qq.com/s/OPpAjg8GazuicnjmME3P6A
[Ops Security]  Malicious Code Analysis: Static Analysis
https://mp.weixin.qq.com/s/uVcnAPgTlnB3rIfacgi-9g
[Web Security]  Appreciating the Charm of CDN Bypass
https://mp.weixin.qq.com/s/7wpQXujqKk03GghPbmiwMw
[Other]  Master All the Python Topics in CTF in One Article
https://mp.weixin.qq.com/s/Lj4nCz0hag-AKQF_s79fQw
[Magazine]  SecWiki Weekly (Issue 318)
https://www.sec-wiki.com/weekly/318
[Ops Security]  Practice in Building an SDL Program for Large-Scale Internet Application Security
https://mp.weixin.qq.com/s/STBzFf-NtfbDEA5s9RBdaw
[Programming]  A Brief Analysis of HTTP Smuggling Attacks
https://mp.weixin.qq.com/s/IMZrvJGQjcLBZS74kMWRnA
[Web Security]  A Web Vulnerability Hunting Process Against a Large Enterprise
https://mp.weixin.qq.com/s/GuJgbLfJobTcJ2FMii3IzA
[Malware Analysis]  Technical Analysis Report on the Third- and Second-Generation "Stuxnet" Vulnerabilities
https://mp.weixin.qq.com/s/qc25c_nuUax6UoknAVLrAw
[Ops Security]  Wazuh: How to Correlate Alerts Across Heterogeneous Data
https://www.freebuf.com/sectool/230505.html
[Vulnerability Analysis]  Exploiting CVE-2020-0041 - Part 1: Escaping the Chrome Sandbox
https://labs.bluefrostsecurity.de/blog/2020/03/31/cve-2020-0041-part-1-sandbox-escape/
[Vulnerability Analysis]  Tool Recommendation Series - sigcheck File Signature Checking
https://mp.weixin.qq.com/s/4oFtOAT-mRYrOuxBIe4XLA
[Malware Analysis]  Tool Recommendation Series - PESecurity Compile-Option Security Checking
https://mp.weixin.qq.com/s/9feawxqHRQHUazF-oX6VOQ
[Malware Analysis]  Notes on Common Web Container Backdoors
https://mp.weixin.qq.com/s/-cmM1k3--H6p1ditfQHPEw
[Vulnerability Analysis]  Fuzzowski: A Powerful Network Protocol Fuzzing Tool
https://www.freebuf.com/sectool/227869.html
[Vulnerability Analysis]  Exploiting CVE-2020-0041 - Part 2: Escalating to root
https://labs.bluefrostsecurity.de/blog/2020/04/08/cve-2020-0041-part-2-escalating-to-root/
[Malware Analysis]  Analysis of Mobile Attack Campaigns by the Donot Team Group (APT-C-35)
https://mp.weixin.qq.com/s/3j5yh8R1D8r9AxKV2qSMKA
[Device Security]  Introduction to Compiling Router Firmware
https://mp.weixin.qq.com/s/n4831yUtgN3_KKBtwM966w
[Web Security]  Understanding DNS Rebinding Attacks from 0 to 1
https://xz.aliyun.com/t/7495
[Malware Analysis]  CATBERT — Detecting malicious emails with a bleeding-edge neural language model
https://medium.com/@sophos.ai/detecting-malicious-emails-with-a-bleeding-edge-neural-language-model-355b366d8940
[Web Security]  A Smart Contract Novice's First Try at Reward Farming
https://mp.weixin.qq.com/s/mRthg2LHNu8ATsoDNAXyVw
[Web Security]  Six Ways to Bypass Security Software Protection for Execution
https://mp.weixin.qq.com/s/sfxJbyJMB6FyGfa6H0G3hA
[Malware Analysis]  DDG's New Journey: Building a Hybrid P2P Network with a Self-Developed P2P Protocol
https://blog.netlab.360.com/ddg-upgrade-to-new-p2p-hybrid-model/
[Malware Analysis]  Analysis of the QQ QR-Code Login Mechanism + Double-SSRF Phishing Exploitation
https://www.freebuf.com/vuls/229694.html
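[Web Security]  A Successful Vulnerability Test Against an International ICT Company, from Initial Reconnaissance to Intranet Privilege Escalation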
https://www.freebuf.com/vuls/230441.html
[Programming]  Badusb Attacks: Hands-On with MacOSX
https://bacde.me/post/Badusb-Attack-On-Mac-OSX/
[Vulnerability Analysis]  Attacks Simultaneously Exploiting Vulnerability in IE and Firefox
https://blogs.jpcert.or.jp/en/2020/04/ie-firefox-0day.html
[Web Security]  Intranet Penetration: Persistence in Domain Environments
https://mp.weixin.qq.com/s/sSx9ugLPAdfg1G6_AZ0l5w
[Web Security]  Intranet Penetration: Windows Persistence Backdoors
https://mp.weixin.qq.com/s/iFzYsWiWneAE_zGGZo7Miw
[Web Security]  awesome-web-security: List of Web Security materials and resources
https://github.com/qazbnm456/awesome-web-security
[Paper]  Measuring Discrepancies in Security Vulnerability Reports
https://mp.weixin.qq.com/s/h6xLJyqybGASORugqsvmgg
[Vulnerability Analysis]  The Story of an Adobe PDF 0day
https://mp.weixin.qq.com/s/fx8MQ8ZMhZHwrruigLFbGA
[Vulnerability Analysis]  TianFu Cup 2019: Adobe Reader Exploitation
https://starlabs.sg/blog/2020/04/tianfu-cup-2019-adobe-reader-exploitation/
[Malware Analysis]  Tool Recommendation Series - Genymotion Emulator ARM Translation
https://mp.weixin.qq.com/s/9F2mEKSMIb7X3Jnj0g9kJA
[Web Security]  Notes on Code-Level Vulnerabilities in Smart Contracts
https://mp.weixin.qq.com/s/6fHu5MQnIT0MyeRfdLG3PQ
[Book]  Interpretable Machine Learning: A Guide for Making Black Box Models Explainable
https://christophm.github.io/interpretable-ml-book/
[Mobile Security]  iOS exploit chain deploys “LightSpy” feature-rich malware
https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/
[Web Security]  Midnight Sun CTF 2020 WriteUp
https://mp.weixin.qq.com/s/KF0vLJdRAzcgqMaI1izwUA
SecWiki:https://www.sec-wiki.com

Original link for this issue: SecWiki Weekly (Issue 319)