SecWiki周刊(第324期)
2020/05/11-2020/05/17
安全资讯
2020年第17届全国大学生信息安全与对抗技术竞赛通知(ISCC2020)
https://www.secpulse.com/archives/129104.html
https://www.secpulse.com/archives/129104.html
安全技术
SSRF攻击姿势汇总
http://www.codersec.net/2020/05/SSRF%E6%94%BB%E5%87%BB%E5%A7%BF%E5%8A%BF%E6%B1%87%E6%80%BB/
http://www.codersec.net/2020/05/SSRF%E6%94%BB%E5%87%BB%E5%A7%BF%E5%8A%BF%E6%B1%87%E6%80%BB/
从0学习WebLogic CVE-2020-2551漏洞
https://xz.aliyun.com/t/7725
https://xz.aliyun.com/t/7725
Pupy利用分析—Windows平台下的功能
https://3gstudent.github.io/Pupy%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90-Windows%E5%B9%B3%E5%8F%B0%E4%B8%8B%E7%9A%84%E5%8A%9F%E8%83%BD/
https://3gstudent.github.io/Pupy%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90-Windows%E5%B9%B3%E5%8F%B0%E4%B8%8B%E7%9A%84%E5%8A%9F%E8%83%BD/
Python沙箱逃逸姿势总结
https://www.anquanke.com/post/id/205157
https://www.anquanke.com/post/id/205157
复杂风控场景下,如何打造一款高效的规则引擎
https://tech.meituan.com/2020/05/14/meituan-security-zeus.html
https://tech.meituan.com/2020/05/14/meituan-security-zeus.html
IIS Raid:使用本地模块构建的IIS后门
https://www.freebuf.com/sectool/231973.html
https://www.freebuf.com/sectool/231973.html
中通RASP安全防护方案初探
https://mp.weixin.qq.com/s/33CtW9ErXCDWoCJRFzlVPQ
https://mp.weixin.qq.com/s/33CtW9ErXCDWoCJRFzlVPQ
虎符杯两道NodeJS题目的分析
https://xz.aliyun.com/t/7714
https://xz.aliyun.com/t/7714
年度大型攻防实战全景:红蓝深度思考及多方联合推演
https://mp.weixin.qq.com/s/GVIUbtMTynfF5ALDbhXirg
https://mp.weixin.qq.com/s/GVIUbtMTynfF5ALDbhXirg
基于深度学习的物联网恶意软件家族细粒度分类研究
https://mp.weixin.qq.com/s/we1fr4_BKd7n-zVWzSRygg
https://mp.weixin.qq.com/s/we1fr4_BKd7n-zVWzSRygg
从STIX2.1看安全智能归来
https://mp.weixin.qq.com/s/nYV3S2oYNNnKcpvNAG751w
https://mp.weixin.qq.com/s/nYV3S2oYNNnKcpvNAG751w
针对南亚政府和军事组织的 BackConfig 恶意软件
https://paper.seebug.org/1202/
https://paper.seebug.org/1202/
复活Navex-使用图查询进行代码分析
https://uuuunotfound.github.io/2020/05/03/%E5%A4%8D%E6%B4%BBNavex-%E4%BD%BF%E7%94%A8%E5%9B%BE%E6%9F%A5%E8%AF%A2%E8%BF%9B%E8%A1%8C%E4%BB%A3%E7%A0%81%E5%88%86%E6%9E%90/
https://uuuunotfound.github.io/2020/05/03/%E5%A4%8D%E6%B4%BBNavex-%E4%BD%BF%E7%94%A8%E5%9B%BE%E6%9F%A5%E8%AF%A2%E8%BF%9B%E8%A1%8C%E4%BB%A3%E7%A0%81%E5%88%86%E6%9E%90/
Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps
https://securitygossip.com/blog/2020/04/14/automatic-uncovering-of-hidden-behaviors-from-input-validation-in-mobile-apps/
https://securitygossip.com/blog/2020/04/14/automatic-uncovering-of-hidden-behaviors-from-input-validation-in-mobile-apps/
内网渗透:使用ew实现socks代理
https://www.freebuf.com/sectool/234254.html
https://www.freebuf.com/sectool/234254.html
开发扫描器挖掘反射型XSS (一)
https://mp.weixin.qq.com/s/T2ULAKKGmRup6FFM8-vgSg
https://mp.weixin.qq.com/s/T2ULAKKGmRup6FFM8-vgSg
HFish蜜罐使用心得
https://www.freebuf.com/vuls/220646.html
https://www.freebuf.com/vuls/220646.html
6,000+ HackerOne Disclosed Reports
http://sec.eddyproject.com/6000-hackerone-disclosed-reports/
http://sec.eddyproject.com/6000-hackerone-disclosed-reports/
Double-Free BUG in WhatsApp exploit poc.[CVE-2020-11932]
https://github.com/ProjectorBUg/CVE-2020-11932
https://github.com/ProjectorBUg/CVE-2020-11932
大数据环境下安全情报融合体系构建
https://mp.weixin.qq.com/s/bjqv8zlSEl7waKHxBNIwyA
https://mp.weixin.qq.com/s/bjqv8zlSEl7waKHxBNIwyA
$20000 Facebook DOM XSS
https://vinothkumar.me/20000-facebook-dom-xss/
https://vinothkumar.me/20000-facebook-dom-xss/
SecWiki周刊(第323期)
https://www.sec-wiki.com/weekly/323
https://www.sec-wiki.com/weekly/323
From a naive-looking PDF Download to SSRF via HTML Injection in AWS
https://blog.appsecco.com/server-side-request-forgery-via-html-injection-in-pdf-download-90ee4053e911
https://blog.appsecco.com/server-side-request-forgery-via-html-injection-in-pdf-download-90ee4053e911
Analyzing Encrypted RDP Connections
https://corelight.blog/2020/05/13/analyzing-encrypted-rdp-connections/
https://corelight.blog/2020/05/13/analyzing-encrypted-rdp-connections/
2020 企业级区块链安全白皮书
http://blog.nsfocus.net/wp-content/uploads/2020/05/Enterprise-Grade-Blockchain-Whitepaper-.pdf
http://blog.nsfocus.net/wp-content/uploads/2020/05/Enterprise-Grade-Blockchain-Whitepaper-.pdf
Hijacking Library Functions and Injecting Code Using the Dynamic Linker
https://sumit-ghosh.com/articles/hijacking-library-functions-code-injection-ld-preload/
https://sumit-ghosh.com/articles/hijacking-library-functions-code-injection-ld-preload/
Hyper-V internals researches (2006-2019)
https://github.com/gerhart01/Hyper-V-Internals/blob/master/HyperResearchesHistory.md
https://github.com/gerhart01/Hyper-V-Internals/blob/master/HyperResearchesHistory.md
An Observational Investigation of Reverse Engineers’ Processes
https://securitygossip.com/blog/2020/04/28/an-observational-investigation-of-reverse-engineers-processes/
https://securitygossip.com/blog/2020/04/28/an-observational-investigation-of-reverse-engineers-processes/
Don’t Force Yourself to Become a Bug Bounty Hunter
https://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunter/
https://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunter/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第324期)
