SecWiki周刊(第320期)
2020/04/13-2020/04/19
安全资讯
公安部公布十起侵犯公民个人信息违法犯罪典型案件
https://mp.weixin.qq.com/s/3P4zEOepOxBETOcvBYhpDA
https://mp.weixin.qq.com/s/3P4zEOepOxBETOcvBYhpDA
安全技术
Wechat&Alipay小程序源码反编译
https://www.ohlinge.cn/web/mini_app_decompile.html
https://www.ohlinge.cn/web/mini_app_decompile.html
Goby新一代安全测试工具
https://github.com/gobysec/Goby
https://github.com/gobysec/Goby
sharpwmi: 基于RPC的横向移动工具
https://github.com/QAX-A-Team/sharpwmi
https://github.com/QAX-A-Team/sharpwmi
一次对钓鱼邮件攻击者的溯源分析
https://mp.weixin.qq.com/s/-v7-M05Qyob5Rpzm_9lPQQ
https://mp.weixin.qq.com/s/-v7-M05Qyob5Rpzm_9lPQQ
使用FATE进行图片识别的深度神经网络联邦学习
https://mp.weixin.qq.com/s/wlB8Hz4nTgz9zEP3OEQDAQ
https://mp.weixin.qq.com/s/wlB8Hz4nTgz9zEP3OEQDAQ
Provenance Mining:终端溯源数据挖掘与威胁狩猎
https://mp.weixin.qq.com/s/Te7c3HvCcxX3ci9HTn8lEQ
https://mp.weixin.qq.com/s/Te7c3HvCcxX3ci9HTn8lEQ
我对安全与NLP的实践和思考
https://mp.weixin.qq.com/s/_q5s1fHc0DB3feSd4gQZyw
https://mp.weixin.qq.com/s/_q5s1fHc0DB3feSd4gQZyw
从Google内部安全架构设计看威胁情报与威胁狩猎的应用场景
https://zhuanlan.zhihu.com/p/129064940
https://zhuanlan.zhihu.com/p/129064940
国际网络安全应急响应体系介绍
https://mp.weixin.qq.com/s/1_cJGTpH4dU780K6qngkjQ
https://mp.weixin.qq.com/s/1_cJGTpH4dU780K6qngkjQ
云上攻防:Red Teaming for Cloud
http://avfisher.win/archives/1175
http://avfisher.win/archives/1175
基于SOC机器学习检测平台的行为分析建模-HTTP隐蔽通信检测
https://mp.weixin.qq.com/s/ggFbaQvn8yUJOFi_-DPNOw
https://mp.weixin.qq.com/s/ggFbaQvn8yUJOFi_-DPNOw
移动基带安全研究系列文章之概念与系统篇
https://mp.weixin.qq.com/s/YYicKHHZuI4Hgyw25AvFsQ
https://mp.weixin.qq.com/s/YYicKHHZuI4Hgyw25AvFsQ
CVE-2020-0796 SMB漏洞本地提权分析
https://xz.aliyun.com/t/7550
https://xz.aliyun.com/t/7550
一些提取api key的正则表达式
https://bacde.me/post/Extract-API-Keys-From-Regex/
https://bacde.me/post/Extract-API-Keys-From-Regex/
复杂风控场景下,如何打造一款高效的规则引擎
https://mp.weixin.qq.com/s/m4jFHUP3JYF9Z8TUxi9UIg
https://mp.weixin.qq.com/s/m4jFHUP3JYF9Z8TUxi9UIg
Swaks SMTP协议操作工具
https://mp.weixin.qq.com/s/2xhTg6HhgnFMA7jexgg3AA
https://mp.weixin.qq.com/s/2xhTg6HhgnFMA7jexgg3AA
浅谈基于IaaS公有云的中小型企业基础安全建设
https://mp.weixin.qq.com/s/XNUrlIBTNUHuTji4c5l_bg
https://mp.weixin.qq.com/s/XNUrlIBTNUHuTji4c5l_bg
SOC日志可视化工具:SOC Sankey Generator
https://www.freebuf.com/sectool/231106.html
https://www.freebuf.com/sectool/231106.html
Node.js 开发者报告
https://nodersurvey.github.io/reporters/index.html
https://nodersurvey.github.io/reporters/index.html
网络层绕过IDS/IPS的一些探索
https://mp.weixin.qq.com/s/QJeW7K-KThYHggWtJ-Fh3w
https://mp.weixin.qq.com/s/QJeW7K-KThYHggWtJ-Fh3w
容器化入侵检测Attack Matrix
https://www.cdxy.me/?p=821
https://www.cdxy.me/?p=821
Pwndrop - Self-hosting Your Red Team Payloads
https://breakdev.org/pwndrop/
https://breakdev.org/pwndrop/
生鲜电商拉新场景业务安全测评报告
https://mp.weixin.qq.com/s/oiSYOA-BDn9fUnb7EhO2vA
https://mp.weixin.qq.com/s/oiSYOA-BDn9fUnb7EhO2vA
APT供应链攻击防护应对分析及意义
https://mp.weixin.qq.com/s/qGMRjCeIyHSHk_aXI8Fxbg
https://mp.weixin.qq.com/s/qGMRjCeIyHSHk_aXI8Fxbg
百家cms代码审计
https://xz.aliyun.com/t/7542
https://xz.aliyun.com/t/7542
rdp-rs: Remote Desktop Protocol in RUST
https://github.com/citronneur/rdp-rs
https://github.com/citronneur/rdp-rs
详述一次拿shell后的单机信息搜集和贯穿整个内网的大型横向渗透
https://xz.aliyun.com/t/7538
https://xz.aliyun.com/t/7538
Ebfuscation: Abusing system errors for binary obfuscation
https://www.d00rt.eus/2020/04/ebfuscation-abusing-system-errors-for.html
https://www.d00rt.eus/2020/04/ebfuscation-abusing-system-errors-for.html
浅析接口安全之WebService
https://xz.aliyun.com/t/7541
https://xz.aliyun.com/t/7541
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第320期)
