SecWiki周刊(第367期)
2021/03/08-2021/03/14
安全技术
某oa java代码审计1
https://xz.aliyun.com/t/9225
https://xz.aliyun.com/t/9225
某oa java代码审计2
https://xz.aliyun.com/t/9226
https://xz.aliyun.com/t/9226
GoScan: 分布式综合资产管理系统
https://github.com/CTF-MissFeng/GoScan
https://github.com/CTF-MissFeng/GoScan
TIG 威胁情报收集
https://github.com/wgpsec/tig
https://github.com/wgpsec/tig
如何攻击深度学习系统——后门攻防
https://www.anquanke.com/post/id/232414
https://www.anquanke.com/post/id/232414
Shiro 反序列化漏洞利用工具编写思路
https://mp.weixin.qq.com/s/WDmj4-2lB-hlf_Fm_wDiOg
https://mp.weixin.qq.com/s/WDmj4-2lB-hlf_Fm_wDiOg
IoT设备漏洞复现到固件后门植入
https://www.anquanke.com/post/id/232845
https://www.anquanke.com/post/id/232845
SecWiki周刊(第366期)
https://www.sec-wiki.com/weekly/366
https://www.sec-wiki.com/weekly/366
网络测绘-立体呈现网络事件细节知多少?
https://mp.weixin.qq.com/s/LwWMfOMqSgArtv9jlfaPRw
https://mp.weixin.qq.com/s/LwWMfOMqSgArtv9jlfaPRw
Google内部开源组件的风险治理框架与工作流程窥探
https://zhuanlan.zhihu.com/p/356415256
https://zhuanlan.zhihu.com/p/356415256
监控github上新增的cve编号项目漏洞
https://github.com/yhy0/github-cve-monitor
https://github.com/yhy0/github-cve-monitor
从PR中学习如何修改 flashrom 读取国产 flash
https://mp.weixin.qq.com/s/kifu_p4eOfy1kuSfLMrXMw
https://mp.weixin.qq.com/s/kifu_p4eOfy1kuSfLMrXMw
Japan Security Analyst Conference 2021 -1st Track-
https://blogs.jpcert.or.jp/en/2021/03/jsac2021report3.html
https://blogs.jpcert.or.jp/en/2021/03/jsac2021report3.html
最后防线:osquery功能与实现
https://mp.weixin.qq.com/s/PvnLnn1gDcl_X4fyocyPrA
https://mp.weixin.qq.com/s/PvnLnn1gDcl_X4fyocyPrA
JavaScript反调试技巧
https://mp.weixin.qq.com/s/NMJd91AmuGEANz00sZELfw
https://mp.weixin.qq.com/s/NMJd91AmuGEANz00sZELfw
对蚁剑的相关改造及分析
https://www.anquanke.com/post/id/233114
https://www.anquanke.com/post/id/233114
D^3CTF-WriteUp
https://mp.weixin.qq.com/s/oOf0RI6P2hEwtPXWP6yU4Q
https://mp.weixin.qq.com/s/oOf0RI6P2hEwtPXWP6yU4Q
RapidDNS.IO 网站应用实例
https://mp.weixin.qq.com/s/ttbJY33W7Bmog_MgNZXc6Q
https://mp.weixin.qq.com/s/ttbJY33W7Bmog_MgNZXc6Q
通达 OA 11.7 组合拳 RCE 利用分析
通达 OA 11.7 组合拳 RCE 利用分析
通达 OA 11.7 组合拳 RCE 利用分析
牛红红的日记(平平无奇拿下域控)
https://www.sec-in.com/article/903
https://www.sec-in.com/article/903
免杀/一句话木马(PHP)
https://xz.aliyun.com/t/9246
https://xz.aliyun.com/t/9246
两道CSP题目绕过分析
https://xz.aliyun.com/t/9219
https://xz.aliyun.com/t/9219
漏洞威胁分析报告(上册)- 不同视角下的漏洞威胁
https://mp.weixin.qq.com/s/gIEPvwBE61axZfhBbB9aiw
https://mp.weixin.qq.com/s/gIEPvwBE61axZfhBbB9aiw
Examining Exchange Exploitation and its Lessons for Defenders
https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders
https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders
Data Science Testbed for Security Researchers
https://www.azsecure-data.org/
https://www.azsecure-data.org/
A Basic Timeline of the Exchange Mass-Hack
https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第367期)
