SecWiki周刊(第326期)
2020/05/25-2020/05/31
安全资讯
美国国防高级研究计划局未来网络安全研发趋势分析
https://mp.weixin.qq.com/s/gWrMODC3Rkznk-swglI0Qw
https://mp.weixin.qq.com/s/gWrMODC3Rkznk-swglI0Qw
安全技术
DIMVA 2020 论文录用列表
https://mp.weixin.qq.com/s/vdzrImsGD7dnPs0HZNr_SQ
https://mp.weixin.qq.com/s/vdzrImsGD7dnPs0HZNr_SQ
DNSLOG平台搭建从0到1
https://mp.weixin.qq.com/s/NL6sHFhOgumQh7oFZNLgYQ
https://mp.weixin.qq.com/s/NL6sHFhOgumQh7oFZNLgYQ
weblogic t3协议回显穿透nat以及获取内网地址
https://mp.weixin.qq.com/s/cwkZXWCOKYpLDK9o_J_G1w
https://mp.weixin.qq.com/s/cwkZXWCOKYpLDK9o_J_G1w
sqlmap关于MSSQL执行命令研究
https://mp.weixin.qq.com/s/U1MaRyNJjiX4yxZt1TW4TA
https://mp.weixin.qq.com/s/U1MaRyNJjiX4yxZt1TW4TA
“网鼎杯”朱雀之战——魔法房间题解
https://mp.weixin.qq.com/s/4vgBmesl2KICNSoDEep_5Q
https://mp.weixin.qq.com/s/4vgBmesl2KICNSoDEep_5Q
APT的思考: CMD命令混淆高级对抗
https://mp.weixin.qq.com/s/hJ6gn9EMKNmMOofEg3i6Iw
https://mp.weixin.qq.com/s/hJ6gn9EMKNmMOofEg3i6Iw
Fuzzing战争: 从刀剑弓斧到星球大战
https://mp.weixin.qq.com/s/nREiT1Uj25igCMWu1kta9g
https://mp.weixin.qq.com/s/nREiT1Uj25igCMWu1kta9g
Apache CommonCollection Gadget几种特殊的玩法
https://mp.weixin.qq.com/s/xwEOpEkPurwP119tonUzVQ
https://mp.weixin.qq.com/s/xwEOpEkPurwP119tonUzVQ
Moodle DOM Stored XSS to RCE
https://cube01.io/blog/Moodle-DOM-Stored-XSS-to-RCE.html
https://cube01.io/blog/Moodle-DOM-Stored-XSS-to-RCE.html
S7CommPlus协议研究
https://www.anquanke.com/post/id/206579
https://www.anquanke.com/post/id/206579
闲谈Webshell实战应用
https://www.anquanke.com/post/id/206664
https://www.anquanke.com/post/id/206664
基于机器学习的GitHub敏感信息泄露监控
https://www.anquanke.com/post/id/205969
https://www.anquanke.com/post/id/205969
Look for traces of APT attacks through the ZoomEye history api
https://paper.seebug.org/1220/
https://paper.seebug.org/1220/
由喝啤酒引发的军事情报人员信息泄露
https://mp.weixin.qq.com/s/sJyTd50SukIFuVjPSTrFDQ
https://mp.weixin.qq.com/s/sJyTd50SukIFuVjPSTrFDQ
全链路自动化监控平台的探索与实践
https://mp.weixin.qq.com/s/j44LMlItuTodfJvL_YGTUA
https://mp.weixin.qq.com/s/j44LMlItuTodfJvL_YGTUA
SecWiki周刊(第325期)
https://www.sec-wiki.com/weekly/325
https://www.sec-wiki.com/weekly/325
Thinkphp5代码执行学习
https://xz.aliyun.com/t/7792
https://xz.aliyun.com/t/7792
testing_wave: 被动式web扫描器
https://github.com/guimaizi/testing_wave
https://github.com/guimaizi/testing_wave
codeql学习——污点分析
https://xz.aliyun.com/t/7789
https://xz.aliyun.com/t/7789
OXID eShop 6.x below 6.3.4 SQL Injection (SQLi) to RCE Vulnerability Exploit
https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/
https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/
Magic [probably] behind Hex-Rays
https://engineering.avast.io/magic-probably-behind-hex-rays/
https://engineering.avast.io/magic-probably-behind-hex-rays/
使用 ZoomEye 寻找 APT 攻击的蛛丝马迹
https://paper.seebug.org/1219/
https://paper.seebug.org/1219/
From Agent.BTZ to ComRAT v4: A ten‑year journey
https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/
https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/
浅析域渗透中的组策略利用
https://xz.aliyun.com/t/7784
https://xz.aliyun.com/t/7784
基于域名图谱嵌入的恶意域名挖掘
https://mp.weixin.qq.com/s/LeK6QYHwd3k3UlyAuSkcZA
https://mp.weixin.qq.com/s/LeK6QYHwd3k3UlyAuSkcZA
从DNS角度看NTP pool服务器的使用
https://blog.netlab.360.com/look-at-ntp-pool-using-dns-data/
https://blog.netlab.360.com/look-at-ntp-pool-using-dns-data/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第326期)
