SecWiki Weekly (Issue 353)
2020/11/30-2020/12/06
Security Technology
[Web Security]  As-Exploits: A Post-Exploitation Framework for China AntSword
https://xz.aliyun.com/t/8591
[Web Security]  A Case of "Unauthorized Access" Caused by SQL Injection
https://www.sec-in.com/article/545
[Web Security]  Attacker Tracing and Countermeasures in Practice During Red vs. Blue Exercises
https://mp.weixin.qq.com/s/Dswz7lxNpW5yLxmWKtqY6Q
[Tools]  EHole (棱洞): A Fingerprint Detection Tool for Key Systems Targeted by Red Teams
https://github.com/ShiHuang-ESec/EHole
[Web Security]  Intranet Techniques: RDP Hijacking and Logging In with a Hash
https://xz.aliyun.com/t/8574
[Tools]  WebLogicPasswordDecryptor - Decrypts WebLogic Ciphertext
https://github.com/Ch1ngg/WebLogicPasswordDecryptorUi
[Forensic Analysis]  BruteShark: Network Analysis Tool
https://github.com/odedshimon/BruteShark
[Vulnerability Analysis]  Runtime Attacks Against AWS Lambda
https://mp.weixin.qq.com/s/duF1Z0EDC3n_G378Aq_XYA
[Vulnerability Analysis]  A Modern Exploration of Windows Memory Corruption Exploits - Part I
https://www.forrest-orr.net/post/a-modern-exploration-of-windows-memory-corruption-exploits-part-i-stack-overflows
[Malware Analysis]  Dissecting APT21 samples using a step-by-step approach
https://cybergeeks.tech/dissecting-apt21-samples-using-a-step-by-step-approach/
[Web Security]  Attack and Defense of JS Command Execution in Java
https://xz.aliyun.com/t/8567
[Malware Analysis]  CAPEv2: Malware Configuration And Payload Extraction
https://github.com/kevoreilly/CAPEv2
[Device Security]  An Industrial Control Soft-PLC Environment Based on Codesys
https://mp.weixin.qq.com/s/28BgVoIt7Naij84HEDqtFQ
[Forensic Analysis]  Tactics and Techniques for Mobile App Data Profiling Analysis
https://mp.weixin.qq.com/s/FdOeOC6JZE5a0r328nmtew
[Web Security]  Python Code Audit: osroom
https://www.sec-in.com/article/709
[Forensic Analysis]  Basic Concepts of MITRE ATT&CK
https://mp.weixin.qq.com/s/yOJNWazCeGKKMR8titj3cg
[Web Security]  POST Injection in an Italian Admin Login Form in Practice
https://mp.weixin.qq.com/s/rtE1e55xOSBpMVfg0KGw8g
[Operations Security]  A Component for Monitoring Malicious Behavior in Java Programs
https://www.freebuf.com/articles/compliance/256099.html
[Vulnerability Analysis]  Precise and Scalable Static Bug Finding for Industrial-Sized Code
https://qingkaishi.github.io/public_pdfs/thesis.pdf
[Malware Analysis]  How to Implement a shellcodeLoader
https://paper.seebug.org/1413/
[Other]  Cloud Security Threat Detection Items
https://help.aliyun.com/document_detail/191144.html
[Web Security]  From POST Injection in a Korean Login Form to Getshell
https://mp.weixin.qq.com/s/Orb6hzZTwyXcEVxmwqgeUw
[Forensic Analysis]  Attribution: A Puzzle (Attack Attribution)
https://blog.talosintelligence.com/2020/08/attribution-puzzle.html
[Web Security]  Summary of how2heap Key Points (Part 1)
https://www.sec-in.com/article/722
[Magazine]  SecWiki Weekly (Issue 352)
https://www.sec-wiki.com/weekly/352
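[Operations Security]  Cloud Security (1) - A Brief Discussion of Baseline Security for Small and Medium-Sized Enterprises on IaaS Public Cloud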
https://blog.csdn.net/bloodzero_new/article/details/110670478
[Malware Analysis]  APT annual review: What the world's threat actors got up to in 2020
https://securelist.com/apt-annual-review-what-the-worlds-threat-actors-got-up-to-in-2020/99574/
SecWiki: https://www.sec-wiki.com
