SecWiki周刊(第356期)
2020/12/21-2020/12/27
安全技术
发现并提取 Cobalt Strike 的配置信息
https://mp.weixin.qq.com/s/-jajjhu-6KVQvaZoh59Wuw
https://mp.weixin.qq.com/s/-jajjhu-6KVQvaZoh59Wuw
一次众测实战sql注入绕过
https://mp.weixin.qq.com/s/9BXMK4mVNKqQiBRkkiEJWg
https://mp.weixin.qq.com/s/9BXMK4mVNKqQiBRkkiEJWg
从Solarwinds供应链攻击(金链熊)看APT行动中的隐蔽作战
https://mp.weixin.qq.com/s/UqXC1vovKUu97569LkYm2Q
https://mp.weixin.qq.com/s/UqXC1vovKUu97569LkYm2Q
基于AI的恶意加密流量检测效果专题研究
https://www.aqniu.com/vendor/71886.html
https://www.aqniu.com/vendor/71886.html
记一次渗透日本某大学实战案例
https://mp.weixin.qq.com/s/FFpyzQQeOAvTRQ0iGtXW5A
https://mp.weixin.qq.com/s/FFpyzQQeOAvTRQ0iGtXW5A
记传奇私服浏览器劫持的处置方案
https://mp.weixin.qq.com/s/-ckPlrgU3O_WEDmTo3Rbyg
https://mp.weixin.qq.com/s/-ckPlrgU3O_WEDmTo3Rbyg
Exploiting a Single Instruction Race Condition in Binder
https://blog.longterm.io/cve-2020-0423.html
https://blog.longterm.io/cve-2020-0423.html
HTTP协议攻击方法汇总(上)
https://www.anquanke.com/post/id/224321
https://www.anquanke.com/post/id/224321
AISecOps智能安全运营技术白皮书
http://blog.nsfocus.net/wp-content/uploads/2020/12/AISecOps_White_Paper_NSFOCUS_20201218.pdf
http://blog.nsfocus.net/wp-content/uploads/2020/12/AISecOps_White_Paper_NSFOCUS_20201218.pdf
软件供应链来源攻击分析报告
https://mp.weixin.qq.com/s/ypKn7uanv7oSDc4h8zvmgQ
https://mp.weixin.qq.com/s/ypKn7uanv7oSDc4h8zvmgQ
聊聊漏洞自动修复技术的行业现状
https://mp.weixin.qq.com/s/xgwdhBSvE7yW0YcekGEWjA
https://mp.weixin.qq.com/s/xgwdhBSvE7yW0YcekGEWjA
计算机系统研究的一些体会
https://www.bilibili.com/video/BV1Ap4y167w3?p=1
https://www.bilibili.com/video/BV1Ap4y167w3?p=1
用DNS进行网络度量和安全分析
https://mp.weixin.qq.com/s/L_wDNJtznQvrCyx1Kd1SlQ
https://mp.weixin.qq.com/s/L_wDNJtznQvrCyx1Kd1SlQ
工业互联网数据安全白皮书(2020)
http://www.nisia.org.cn/filedownload/203590
http://www.nisia.org.cn/filedownload/203590
S2-016漏洞整理
https://www.sec-in.com/article/753
https://www.sec-in.com/article/753
Analyzing Cobalt Strike for Fun and Profit
https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/
https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/
Source Code Audit Training Archive
https://blog.recurity-labs.com/2020-12-23/code-audit-training-archive.html
https://blog.recurity-labs.com/2020-12-23/code-audit-training-archive.html
HTTP协议攻击方法汇总(下)
https://www.anquanke.com/post/id/225955
https://www.anquanke.com/post/id/225955
浅谈安全运营平台中数据分析交互逻辑的设计
https://zhuanlan.zhihu.com/p/339629476
https://zhuanlan.zhihu.com/p/339629476
SecWiki周刊(第355期)
https://www.sec-wiki.com/weekly/355
https://www.sec-wiki.com/weekly/355
MySQL注入Load_File()函数应用
https://mp.weixin.qq.com/s/nl_xYX5rd1UiIK4t9XYDuA
https://mp.weixin.qq.com/s/nl_xYX5rd1UiIK4t9XYDuA
细说APT之Rootkit自我保护
https://xz.aliyun.com/t/8675
https://xz.aliyun.com/t/8675
搞基大队QQ群验证问题解题过程
https://mp.weixin.qq.com/s/BmaflwjC6tghjJlysbtYkg
https://mp.weixin.qq.com/s/BmaflwjC6tghjJlysbtYkg
Molerats组织滥用云服务的攻击活动分析
https://mp.weixin.qq.com/s/iWYr18hSLBBL4Y1-hAmEeg
https://mp.weixin.qq.com/s/iWYr18hSLBBL4Y1-hAmEeg
记录一次从弱口令到远程登陆
https://mp.weixin.qq.com/s/gzchD7_uKHjvISpSpdxFDw
https://mp.weixin.qq.com/s/gzchD7_uKHjvISpSpdxFDw
2020年综述性论文合辑(上)
https://mp.weixin.qq.com/s/e-3rSS2F7lVV9SMMnoqylQ
https://mp.weixin.qq.com/s/e-3rSS2F7lVV9SMMnoqylQ
SolarWinds失陷服务器测绘分析报告
https://www.anquanke.com/post/id/226029
https://www.anquanke.com/post/id/226029
2020年综述性论文合辑(下)
https://mp.weixin.qq.com/s/c43NfYaz3F-t1V93gOGKdw
https://mp.weixin.qq.com/s/c43NfYaz3F-t1V93gOGKdw
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第356期)
