SecWiki周刊(第351期)
2020/11/16-2020/11/22
安全技术
[Web安全]  针对小程序的漏洞挖掘
https://www.sec-in.com/article/648
[Web安全]  谈谈信息安全入门这事
https://blog.csdn.net/bloodzero_new/article/details/109755532
[工具]  TailorScan: 自用缝合怪内网扫描器
https://github.com/uknowsec/TailorScan
[取证分析]  微信聊天记录导出工具
https://github.com/forest0/wechat_history_export
[比赛]  2020西湖论剑IoT闯关赛回顾&Writeup
https://mp.weixin.qq.com/s/IGZUIY2w8aRJZUbZa3UqHA
[设备安全]  工控CTF仿真环境
https://www.anquanke.com/post/id/222674
[比赛]  太湖杯密码学 Aegis 题解
https://www.anquanke.com/post/id/222629
[漏洞分析]  探索先进自动化漏洞挖掘技术中的不足
https://mp.weixin.qq.com/s/1q_YCJoyCREtgU3X2_0uqQ
[运维安全]  zbn: 安全编排与自动化响应平台
https://github.com/zbnio/zbn
[取证分析]  NIST《网络靶场指南》浅析
https://mp.weixin.qq.com/s/0FQwtu-TKyVuaAhpdu0huA
[工具]  利用avdump转储lsass.exe进程
https://mp.weixin.qq.com/s/bHDMTlY-YZxx9dS-MqQfRA
[其它]  神经工程与脑机接口信息安全 全景图 V0.1
https://www.anquanke.com/post/id/223008
[比赛]  强网杯2020决赛RealWord题ADoBe(ADB)
https://www.anquanke.com/post/id/222391
[Web安全]  计算机与网络安全系列书籍推荐
https://blog.csdn.net/bloodzero_new/article/details/109755474
[Web安全]  webscan:browser-based network IP scanner
http://samy.pl/webscan/
[漏洞分析]  从0到tfp0第一部分:基础知识
https://xz.aliyun.com/t/8509
[恶意分析]  Python 源码混淆与加密
https://mp.weixin.qq.com/s/LmxdXRjMCOIisQzCISBoGw
[运维安全]  玩转容器安全一 - 虚拟机搭建简易版K8s集群
https://blog.csdn.net/bloodzero_new/article/details/109829702
[Web安全]  完成一次渗透测试项目
https://blog.csdn.net/bloodzero_new/article/details/109755579
[漏洞分析]  Docker安全实践
https://mp.weixin.qq.com/s/9PWg4jIztJcutAY-ohzJUw
[数据挖掘]  知名网络空间普查与网络测绘组织研究报告 第二期-Shodan篇
http://plcscan.org/blog/2020/11/research-report-of-renowned-internet-census-organization-shodan/
[设备安全]  国内在线车联网平台(道路运输车辆卫星定位系统)安全威胁分析报告
http://plcscan.org/blog/2020/11/china-internet-of-vehicles-security-threat-analysis-report/
[Web安全]  常见WAF进程/服务与WAF识别总结
https://mp.weixin.qq.com/s/qjLCgmSPOY0iaF53g7VzMg
[取证分析]  基于某款游戏利用的反射攻击分析
https://security.tencent.com/index.php/blog/msg/169
[Web安全]  看雪Re_翩若惊鸿
https://www.sec-in.com/article/661
[漏洞分析]  Decrypting OpenSSH sessions for fun and profit
https://research.nccgroup.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/
[杂志]  SecWiki周刊(第350期)
https://www.sec-wiki.com/weekly/350
[Web安全]  Linux透明代理在红队渗透中的应用
https://payloads.online/archivers/2020-11-13/1
[漏洞分析]  Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
https://seanhn.files.wordpress.com/2020/11/heelan_phd_thesis.pdf
[Web安全]  浅谈URI中的任意文件下载
https://www.sec-in.com/article/549
[恶意分析]  Advanced Threat predictions for 2021
https://securelist.com/apt-predictions-for-2021/99387/
[Web安全]  回首再看CTF中的那些PHP弱类型
https://www.sec-in.com/article/654
[Web安全]  记一次三层网络环境的靶场渗透
https://xz.aliyun.com/t/8519
[其它]  常见反病毒进程/服务/识别总结
https://mp.weixin.qq.com/s/0BslalFBU0pmf0TbLus2UA
[Web安全]  高级的MSSQL注入技巧
https://xz.aliyun.com/t/8513
[Web安全]  2020NPUCTF公开赛 WEB部分Writeup
https://www.sec-in.com/article/280
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第351期)