SecWiki周刊(第331期)
2020/06/29-2020/07/05
安全技术
[运维安全]  不一样的 "反弹Shell" 系统剖析
https://mp.weixin.qq.com/s/VAHriOf4HVUna3FxhKg_OA
[Web安全]  Taking over Azure DevOps Accounts with 1 Click
https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/?v=2
[Web安全]  子域名监控式漏洞扫描
https://github.com/MisakiKata/crawlergo_sub
[移动安全]  硬件分析的常用工具与基础方法
https://mp.weixin.qq.com/s/KFm870IFHGEHRnsek9d3lg
[漏洞分析]  ZombieVPN, Breaking That Internet Security
https://0xsha.io/posts/zombievpn-breaking-that-internet-security
[Web安全]  红蓝对抗之Windows内网渗透
https://mp.weixin.qq.com/s/OGiDm3IHBP3_g0AOIHGCKA
[比赛]  CTF实战特训营实训真题
https://zhuanlan.zhihu.com/p/148384035
[漏洞分析]  BIG IP CVE-2020-5902 漏洞检测与利用
https://bacde.me/post/big-ip-cve-2020-5902-check-poc/
[移动安全]  Android App Source code Extraction and Bypassing Root and SSL Pinning checks
https://vj0shii.info/android-app-testing-initial-steps/
[运维安全]  10 Years of Linux Security
https://grsecurity.net/10_years_of_linux_security.pdf
[Web安全]  Oracle 注入学习(终结版)
https://mp.weixin.qq.com/s/BvZ0niXtofDMjzUpHxjKig
[数据挖掘]  初探网络安全智能决策
https://mp.weixin.qq.com/s/EStPo05HwUTQHOTRx7qltg
[Web安全]  攻防演练实战中的若干Tips
https://www.freebuf.com/articles/es/240003.html
[取证分析]  踩坑记录-DNS Beacon
https://xz.aliyun.com/t/7938
[恶意分析]  全球高级持续性威胁(APT)2020年中报告
https://ti.qianxin.com/uploads/2020/06/29/e4663b4f11f01e5ec8a1a5d91a71dc72.pdf
[设备安全]  小议智能设备安全研究
https://mp.weixin.qq.com/s/Wc6rE_2rVKHOPoCQzmGvKg
[运维安全]  Docker安全性与攻击面分析
https://mp.weixin.qq.com/s/BaeIGrBimww8SUtePDQ0jA
[工具]  leonidas: Automated Attack Simulation in the Cloud
https://github.com/FSecureLABS/leonidas
[Web安全]  Windows/Linux文件下载方式汇总
https://xz.aliyun.com/t/7937
[漏洞分析]  CVE-2020-1948 Apache Dubbo Hessian 反序列化漏洞分析
https://www.anquanke.com/post/id/209251
[恶意分析]  DDG的新征程——自研P2P协议构建混合P2P网络
https://www.anquanke.com/post/id/209351
[Web安全]  渗透经验分享之SQL注入思路拓展
https://xz.aliyun.com/t/7919
[数据挖掘]  图卷积神经网络在企业侧网络安全运营中的应用
https://mp.weixin.qq.com/s/d6fpwQlNBUlBba3spJu3wA
[Web安全]  对Linux 提权的简单总结
https://xz.aliyun.com/t/7924
[漏洞分析]  Dubbo2.7.7 反序列化漏洞绕过分析
https://paper.seebug.org/1263/
[Web安全]  浅谈短信验证码漏洞
https://xz.aliyun.com/t/7926
[漏洞分析]  Exploiting an Envoy heap vulnerability
https://blog.envoyproxy.io/exploiting-an-envoy-heap-vulnerability-96173d41792
[设备安全]  Hacking All The Cars - CAN总线逆向
https://www.anquanke.com/post/id/209141
[Web安全]  第五空间-WriteUp
https://mp.weixin.qq.com/s/TyJsK5Rkg6MXvADS13RIcA
[漏洞分析]  Breaking Windows KASLR by Leaking KVA Shadow Mappings
https://labs.bluefrostsecurity.de/blog/2020/06/30/meltdown-reloaded-breaking-windows-kaslr/
[设备安全]  Apple Lightning
https://nyansatan.github.io/lightning/
[漏洞分析]  Some DOS bugs while processing Microsoft LNK files
https://ezqelusia.blogspot.com/2020/06/some-dos-bugs-while-processing.html
[漏洞分析]  Automating DLL Hijack Discovery
https://posts.specterops.io/automating-dll-hijack-discovery-81c4295904b0
[取证分析]  浅谈 NLP 技术在威胁情报中的应用
https://paper.seebug.org/1256/
[漏洞分析]  利用差分重放技术检测未初始化变量的使用
https://mp.weixin.qq.com/s/CjNaxF3Z465u30ugvbDt1w
[运维安全]  Detect lateral movement with Azure Sentinel
https://zolder.io/2020/07/01/using-a-firewall-and-sentinel-to-detect-lateral-movement/?a=q
[漏洞分析]  TuxGuitar - stealing local files (XXE)
https://logicaltrust.net/blog/2020/06/tuxguitar.html
[杂志]  SecWiki周刊(第330期)
https://www.sec-wiki.com/weekly/330
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第331期)