SecWiki周刊(第391期)
2021/08/23-2021/08/29
安全技术
Nginx 场景绕过之一: URL white spaces + Gunicorn
https://github.com/CHYbeta/OddProxyDemo/blob/master/nginx/demo1/README.md
https://github.com/CHYbeta/OddProxyDemo/blob/master/nginx/demo1/README.md
全球高级持续性威胁(APT)2021年中报告
https://ti.qianxin.com/uploads/2021/08/26/67c584e9e1e86a8dc3f40801f05eb981.pdf
https://ti.qianxin.com/uploads/2021/08/26/67c584e9e1e86a8dc3f40801f05eb981.pdf
learning-codeql: CodeQL Java 全网最全的中文学习资料
https://github.com/SummerSec/learning-codeql
https://github.com/SummerSec/learning-codeql
BloodHound:Six Degrees of Domain Admin
https://github.com/BloodHoundAD/BloodHound
https://github.com/BloodHoundAD/BloodHound
漫谈PHP反汇编器/反编译器
https://mp.weixin.qq.com/s/bmdSyZem46aukj_hvLhu0w
https://mp.weixin.qq.com/s/bmdSyZem46aukj_hvLhu0w
Electron的openExternal可控利用点分析
https://www.anquanke.com/post/id/251224
https://www.anquanke.com/post/id/251224
面向开源软件的自动化漏洞数据采集与处理技术研究
https://mp.weixin.qq.com/s/P9zQI7I2obCpov_LMIeKIw
https://mp.weixin.qq.com/s/P9zQI7I2obCpov_LMIeKIw
HybridTestFramewrok: End to End testing of Web, API and Security
https://github.com/dipjyotimetia/HybridTestFramewrok#setup--tools
https://github.com/dipjyotimetia/HybridTestFramewrok#setup--tools
seed-emulator: A Python framework for creating emulation of the Internet.
https://github.com/seed-labs/seed-emulator
https://github.com/seed-labs/seed-emulator
通过漏洞预测改进漏洞修复决策
https://mp.weixin.qq.com/s/LOBnwPsYMNfLg9nkeeMi-w
https://mp.weixin.qq.com/s/LOBnwPsYMNfLg9nkeeMi-w
The Hacker Recipes 黑客实操笔记
https://www.thehacker.recipes/
https://www.thehacker.recipes/
海量恶意样本下高性能 Yara 检测方案
https://mp.weixin.qq.com/s/vtmrhjXzL3gj8m_1uwgtmw
https://mp.weixin.qq.com/s/vtmrhjXzL3gj8m_1uwgtmw
过往可能低估了反射放大 DDoS 的风险
https://mp.weixin.qq.com/s/feav2bcigQScbze4C5psSw
https://mp.weixin.qq.com/s/feav2bcigQScbze4C5psSw
浅谈云上攻防——对象存储服务访问策略评估机制研究
https://mp.weixin.qq.com/s/ncWGrMsIAvh9HEK1QC5IGQ
https://mp.weixin.qq.com/s/ncWGrMsIAvh9HEK1QC5IGQ
windows10内核态提权方法汇总
https://wonderkun.cc/2021/08/22/windows10%E5%86%85%E6%A0%B8%E6%80%81%E6%8F%90%E6%9D%83%E6%96%B9%E6%B3%95%E6%B1%87%E6%80%BB/
https://wonderkun.cc/2021/08/22/windows10%E5%86%85%E6%A0%B8%E6%80%81%E6%8F%90%E6%9D%83%E6%96%B9%E6%B3%95%E6%B1%87%E6%80%BB/
SecWiki周刊(第390期)
https://www.sec-wiki.com/weekly/390
https://www.sec-wiki.com/weekly/390
[HTB] Admirer Writeup
https://mp.weixin.qq.com/s/8scaoLaiENuL_L5eLM7hYg
https://mp.weixin.qq.com/s/8scaoLaiENuL_L5eLM7hYg
MSSQL数据库注入全方位利用
https://www.anquanke.com/post/id/248896
https://www.anquanke.com/post/id/248896
Escape from chrome sandbox to root
https://vul.360.net/archives/217?continueFlag=b9e944728e53a56fa7ff39d24c55dc4a
https://vul.360.net/archives/217?continueFlag=b9e944728e53a56fa7ff39d24c55dc4a
面向开放域的无监督实体对齐
https://mp.weixin.qq.com/s/gH1VNCUVT5Hd5lGaGvEO2w
https://mp.weixin.qq.com/s/gH1VNCUVT5Hd5lGaGvEO2w
Weaponizing Middleboxes for TCP Reflected Amplification
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/?continueFlag=b9e944728e53a56fa7ff39d24c55dc4a
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/?continueFlag=b9e944728e53a56fa7ff39d24c55dc4a
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第391期)
