SecWiki周刊(第328期)
2020/06/08-2020/06/14
安全资讯
[观点]  《黑镜》:斯诺登揭露NSA的社交图谱工厂
https://www.anquanke.com/post/id/207943
[新闻]  工控安全事件汇总与分析
https://mp.weixin.qq.com/s/rG1oG8nz07DtRKTRaJjM7A
安全技术
[Web安全]  MSSQL注入 突破不能堆叠的限制执行系统命令
https://mp.weixin.qq.com/s/CcgUb7mLlP2xjcrpy5VGbQ
[工具]  基于正则的VSCode代码审计插件
https://github.com/m4yfly/vscode-maudit
[Web安全]  冰蝎改造之适配基于tomcat Filter的无文件webshell
https://mp.weixin.qq.com/s/n1wrjep4FVtBkOxLouAYfQ
[Web安全]  Python 代码审计
https://github.com/MisakiKata/python_code_audit
[数据挖掘]  AISecOps:打造可信任安全智能
https://mp.weixin.qq.com/s/Tz9V05CHqLg_Wt4yfJZffQ
[恶意分析]  玖色直播安全情报报告
https://www.anquanke.com/post/id/207825
[取证分析]  [Sec-Trans-12] Github信息收集
https://mp.weixin.qq.com/s/LnjKK1YJ7BvMXPuFbeq37w
[论文]  Google 技术文档写作课
https://developers.google.com/tech-writing/one
[恶意分析]  开源软件供应链攻击回顾
https://www.anquanke.com/post/id/207836
[运维安全]  操作系统基线检查脚本
https://www.freebuf.com/sectool/237396.html
[Web安全]  碎遮SZhe_Scan Web漏洞扫描器
https://github.com/Cl0udG0d/SZhe_Scan
[Web安全]  渗透中的内网渗透
https://mp.weixin.qq.com/s/Mk5P_04SAitUjRztc9e-Rw
[设备安全]  D-Link DIR815路由器缓冲区溢出漏洞再分析
https://xz.aliyun.com/t/7835
[漏洞分析]  Monstra CMS RCE漏洞分析(CVE-2020-13384)
https://xz.aliyun.com/t/7850
[漏洞分析]  ScanCVE: 监控Github上CVE增量
https://github.com/grayddq/ScanCVE
[漏洞分析]  用于UAF漏洞的二进制级定向模糊测试
https://www.anquanke.com/post/id/207827
[设备安全]  Misbinding Attacks on Secure Device Pairing and Bootstrapping
https://securitygossip.com/blog/2020/05/19/misbinding-attacks-on-secure-device-pairing-and-bootstrapping/
[漏洞分析]  vBulletin 5.6.1 SQL注入漏洞
https://xz.aliyun.com/t/7831
[Web安全]  白盒系列之变量追踪引擎(一)
https://www.freebuf.com/articles/web/236537.html
[Web安全]  BetterSafetyKatz: SafetyKatz dynamically fetches the latest pre-compile
https://github.com/Flangvik/BetterSafetyKatz
[漏洞分析]  JAVA 8u20 反序列化漏洞分析
https://paper.seebug.org/1232/
[运维安全]  MySQL数据库巡检系统的设计与应用
https://tech.meituan.com/2020/06/04/mysql-detection-system.html
[恶意分析]  php-malware-finder – Detect Potentially Malicious PHP
https://github.com/jvoisin/php-malware-finder
[Web安全]  2019年中国国内安全会议年报
https://www.hackinn.com/index.php/archives/688/
[Web安全]  pyc 混淆从入门到工具实现
https://mp.weixin.qq.com/s/qvbwTAmDOvpHrAoNdQ7RRA
[漏洞分析]  我对外挂的理解
https://forum.90sec.com/t/topic/1095
[恶意分析]  代码克隆检测技术初探和开源工具地址分享
https://www.freebuf.com/sectool/233772.html
[恶意分析]  探索如何使用自动化实现对恶意JavaScript脚本的反混淆处理
https://www.anquanke.com/post/id/207813
[杂志]  SecWiki周刊(第327期)
https://www.sec-wiki.com/weekly/327
[Web安全]  Anti-Debugging JavaScript Techniques
https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/
[Web安全]  Careem AWS S3 Bucket Takeover
https://ahussam.me/careem-aws-s3-bucket-takeover/
[恶意分析]  Predict attacker groups from the techniques and software used
https://github.com/omergunal/Attacker-Group-Predictor
[Web安全]  记一次测试Gitlab
https://xz.aliyun.com/t/7870
[Web安全]  初探PythonOpcode逃逸
https://xz.aliyun.com/t/7828
[Web安全]  LFCMS的一次审计
https://xz.aliyun.com/t/7844
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第328期)