SecWiki周刊(第369期)
2021/03/22-2021/03/28
安全资讯
《人民检察院办理网络犯罪案件规定》的理解与适用
https://mp.weixin.qq.com/s/VshK6oANVI_skfjuGEUHSw
https://mp.weixin.qq.com/s/VshK6oANVI_skfjuGEUHSw
安全技术
使用 AWS Lambda 隐藏 C&C 流量
https://mp.weixin.qq.com/s/F6QcVgSyXz3wwJlRDd8TVQ
https://mp.weixin.qq.com/s/F6QcVgSyXz3wwJlRDd8TVQ
利用字符集编码绕过waf的burp插件
https://github.com/GuoKerS/Charset_encoding-Burp
https://github.com/GuoKerS/Charset_encoding-Burp
Driftingblues3靶机渗透
https://www.sec-in.com/article/967
https://www.sec-in.com/article/967
我是如何低成本建立RapidDNS.io网站的
https://mp.weixin.qq.com/s/IwpflmaxVar3Vk5AqBmdAA
https://mp.weixin.qq.com/s/IwpflmaxVar3Vk5AqBmdAA
一些webshell免杀的技巧
https://xz.aliyun.com/t/9290
https://xz.aliyun.com/t/9290
国内网络安全信息与事件管理类产品研究与测试报告(2021年)
http://www.caict.ac.cn/kxyj/qwfb/ztbg/202103/P020210324512102846900.pdf
http://www.caict.ac.cn/kxyj/qwfb/ztbg/202103/P020210324512102846900.pdf
一些网络空间搜索引擎相关的资料
https://github.com/EXHades/CyberSpaceSearchEngine-Research
https://github.com/EXHades/CyberSpaceSearchEngine-Research
实践之后,我们来谈谈如何做好威胁建模
https://mp.weixin.qq.com/s/kNfTBoeFu90QPvYbPcR_OQ
https://mp.weixin.qq.com/s/kNfTBoeFu90QPvYbPcR_OQ
TinyInst动态插桩工具原理分析
https://www.anquanke.com/post/id/234925
https://www.anquanke.com/post/id/234925
A Year in the Life of a Compiler Fuzzing Campaign
https://blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/
https://blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/
硬核黑客笔记 - 怒吼吧电磁波 (上)
https://mp.weixin.qq.com/s/SUjjKY_TIj10rpQW9tkH9A
https://mp.weixin.qq.com/s/SUjjKY_TIj10rpQW9tkH9A
HFish初版审计学习
https://www.sec-in.com/article/949
https://www.sec-in.com/article/949
一次金融行业的红蓝对抗总结
https://www.sec-in.com/article/969
https://www.sec-in.com/article/969
记一次跌宕起伏的白盒审计到RCE
https://xz.aliyun.com/t/9319
https://xz.aliyun.com/t/9319
Kscan:轻量级的资产发现工具
https://github.com/lcvvvv/kscan
https://github.com/lcvvvv/kscan
网络空间测绘核心技术之:协议识别(DCERPC篇)
https://mp.weixin.qq.com/s/jsOyxiDBnvi4PiqdgA3dvw
https://mp.weixin.qq.com/s/jsOyxiDBnvi4PiqdgA3dvw
中国网络安全行业全景图(2021年3月第八版)
https://mp.weixin.qq.com/s/Z3rIpxl9ZOVuZzTABAojvg
https://mp.weixin.qq.com/s/Z3rIpxl9ZOVuZzTABAojvg
蓝队溯源与反制
https://xz.aliyun.com/t/9316
https://xz.aliyun.com/t/9316
H2C Smuggling in the Wild
https://blog.assetnote.io/2021/03/18/h2c-smuggling/
https://blog.assetnote.io/2021/03/18/h2c-smuggling/
SecWiki周刊(第368期)
https://www.sec-wiki.com/weekly/368
https://www.sec-wiki.com/weekly/368
2020年联网智能设备安全态势报告
https://mp.weixin.qq.com/s/GdSgHNTLjysqow4ka8tY7w
https://mp.weixin.qq.com/s/GdSgHNTLjysqow4ka8tY7w
MSSQL 数据库攻击实战指北—防守方攻略
https://mp.weixin.qq.com/s/uENvpPan7aVd7MbSoAT9Dg
https://mp.weixin.qq.com/s/uENvpPan7aVd7MbSoAT9Dg
浅析软件供应链攻击之包抢注低成本钓鱼
https://mp.weixin.qq.com/s/JWSjKZWyuSvXdzYhU0INmQ
https://mp.weixin.qq.com/s/JWSjKZWyuSvXdzYhU0INmQ
Java反序列化漏洞浅析
https://www.anquanke.com/post/id/235511
https://www.anquanke.com/post/id/235511
Hidden OAuth attack vectors
https://portswigger.net/research/hidden-oauth-attack-vectors
https://portswigger.net/research/hidden-oauth-attack-vectors
模型可解释性在保险理赔反欺诈中的实践
https://mp.weixin.qq.com/s/7Qa4PZCXARqEK-iphVPTjA
https://mp.weixin.qq.com/s/7Qa4PZCXARqEK-iphVPTjA
RemRAT潜伏在中东多年的Android间谍软件
https://mp.weixin.qq.com/s/RhM2qUxDWTyykCbSW6e8SQ
https://mp.weixin.qq.com/s/RhM2qUxDWTyykCbSW6e8SQ
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第369期)
