SecWiki周刊(第323期)
2020/05/04-2020/05/10
安全技术
[Web安全]  De1CTF2020-WriteUp上(Web、Misc、Pwn)
https://mp.weixin.qq.com/s/1CR0up_b5a1zw02wZNwJpg
[工具]  从 SQL 到 RCE 利用 SessionState 反序列化攻击 ASP.NET 网站应用程式
https://paper.seebug.org/1186/
[工具]  Java 反序列化系列 ysoserial Groovy 1
https://paper.seebug.org/1171/
[漏洞分析]  Fastjson 反序列化漏洞史
https://paper.seebug.org/1192/
[其它]  技术人的修炼之道:从业余到专业
https://mp.weixin.qq.com/s/gBgFyy4MMrF5vn-8NGEVQw
[运维安全]  用SASE加速零信任网络交付
https://mp.weixin.qq.com/s/OjHgQGrJWfueu4AfxES9Hg
[漏洞分析]  JAVA RMI反序列化知识详解
https://mp.weixin.qq.com/s/bC71HoEtDAKKbHJvStu9qA
[Web安全]  Tide-Mars:资产管理与威胁监测平台开源版本
https://mp.weixin.qq.com/s/-7V14Rpu2KU5HUsa0p025g
[运维安全]  新一代SIEM与SOAR的技术对比
https://mp.weixin.qq.com/s/mfNRbDXIg5_1jSKHbceHCA
[Web安全]  已知邮箱,求手机号码?
https://mp.weixin.qq.com/s/XvMruURNVWBkEwxvnPSW1g
[恶意分析]  De1CTF2020-WriteUp下(Crypto、Reverse)
https://mp.weixin.qq.com/s/KKkxUb_rUEi7Pxj0Qj5Odw
[无线安全]  GPS欺骗实验
https://www.anquanke.com/post/id/204316
[数据挖掘]  Understanding E-commerce Fraud from Autonomous Chat
https://mp.weixin.qq.com/s/uzGQxgfaUufsDSvcYIIYig
[漏洞分析]  WEBPWN入门级调试讲解
https://www.anquanke.com/post/id/204404
[Web安全]  数字中国创新大赛-虎符网络安全赛道Write up
https://mp.weixin.qq.com/s/ih2X8IXVFmrMVwJYuf5gng
[设备安全]  物联网场景下的白盒加密技术
https://mp.weixin.qq.com/s/y8FNDtuJIIiYmZDLTxuL_g
[杂志]  SecWiki周刊(第322期)
https://www.sec-wiki.com/weekly/322
[漏洞分析]  协议模糊测试相关技术梳理
https://mp.weixin.qq.com/s/RCpAUpFEzbSewEnWpHrsqw
[观点]  我的安全漏洞观
https://mp.weixin.qq.com/s/86cS8yIgbVcKStZWq84M7Q
[Web安全]  内网渗透:流量转发场景测试
https://www.anquanke.com/post/id/204347
[恶意分析]  Decrypting and analyzing HTTPS traffic without MITM
https://blog.silentsignal.eu/2020/05/04/decrypting-and-analyzing-https-traffic-without-mitm/
[移动安全]  Android's May 2020 Patches Fix Critical System Vulnerability
https://www.securityweek.com/androids-may-2020-patches-fix-critical-system-vulnerability
[Web安全]  linux后渗透之收集登录凭证
https://xz.aliyun.com/t/7698
[观点]   卫星互联网重新定义网络战
https://mp.weixin.qq.com/s/mj4BVfI-j3yp-xaSZeEW_A
[恶意分析]  Deconstructing the Dukes: A Researcher's Retrospective of APT29
https://blog.f-secure.com/podcast-dukes-apt29/
[设备安全]  从乌克兰电网事件看工控安全态势
https://www.freebuf.com/articles/ics-articles/233680.html
[漏洞分析]  Windows exploitation
https://fullpwnops.com/windows-exploitation-pathway.html
[Web安全]  子域名托管案例
https://mp.weixin.qq.com/s/Nqy0Agq_h9yZhvqKdZBZgw
[恶意分析]  The Dacls RAT now on macOS!
https://objective-see.com/blog/blog_0x57.html
[恶意分析]  Schnelder - NetBotz Firmware 固件分析
https://paper.seebug.org/1170/
[Web安全]  浏览器中隐蔽数据传输通道-DNS隧道
https://mp.weixin.qq.com/s/u5HV7umrZABcgVpZ5pn6WQ
[Web安全]  对缓存投毒的学习总结
https://xz.aliyun.com/t/7696
[漏洞分析]  Bugs on the Windshield: Fuzzing the Windows Kernel
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/
[Web安全]  DOM XSS in Gmail with a little help from Chrome
https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第323期)