SecWiki周刊(第404期)
2021/11/22-2021/11/28
安全技术
反向探测互联网扫描器
https://blog.xlab.app/p/d44cc35d/
https://blog.xlab.app/p/d44cc35d/
蓝队反制后的自动化信息收集
https://www.anquanke.com/post/id/259358
https://www.anquanke.com/post/id/259358
反序列化小子捕获器-反制ysoserial
https://mp.weixin.qq.com/s/Ww_IxNLXI0KWZYERGwu3bg
https://mp.weixin.qq.com/s/Ww_IxNLXI0KWZYERGwu3bg
2021年“绿盟杯”重庆市大学生信息安全竞赛-WP
https://www.anquanke.com/post/id/256976
https://www.anquanke.com/post/id/256976
浅谈企业级供应链投毒应急安全能力建设
https://mp.weixin.qq.com/s/JAODc20qG5iRKVJmgGPYRw
https://mp.weixin.qq.com/s/JAODc20qG5iRKVJmgGPYRw
西湖论剑gghdl题解
http://blog.bluesadi.cn/2021/11/24/%E8%A5%BF%E6%B9%96%E8%AE%BA%E5%89%91gghdl%E9%A2%98%E8%A7%A3/
http://blog.bluesadi.cn/2021/11/24/%E8%A5%BF%E6%B9%96%E8%AE%BA%E5%89%91gghdl%E9%A2%98%E8%A7%A3/
ysomap : Java反序列化利用框架
https://paper.seebug.org/1766/
https://paper.seebug.org/1766/
严苛Web对抗环境下的Webshell
https://mp.weixin.qq.com/s/lOBXzPk-m_th0yNSHGRxUA
https://mp.weixin.qq.com/s/lOBXzPk-m_th0yNSHGRxUA
2021第四届强网拟态防御积分赛工控pwn eserver WP
https://www.anquanke.com/post/id/259594
https://www.anquanke.com/post/id/259594
GSE协议封装解析
https://www.minhal.me/2021/11/19/GSE/
https://www.minhal.me/2021/11/19/GSE/
FOSS软件中漏洞的生命周期
https://mp.weixin.qq.com/s/XTJf0wdUQFOGypHofjsscQ
https://mp.weixin.qq.com/s/XTJf0wdUQFOGypHofjsscQ
《Instructions for PhD Students》:Dimitris给PhD学生的忠告
https://zhuanlan.zhihu.com/p/400248999
https://zhuanlan.zhihu.com/p/400248999
Automatic Feature Learning for Predicting Vulnerable Software Components
https://zhuanlan.zhihu.com/p/435957686
https://zhuanlan.zhihu.com/p/435957686
详解数据治理和数据分类分级
https://mp.weixin.qq.com/s/EeUrNvd1-pFO1_ybMHKcpw
https://mp.weixin.qq.com/s/EeUrNvd1-pFO1_ybMHKcpw
Apache APISIX uri-blocker 场景绕过之一:$request_uri
https://github.com/CHYbeta/OddProxyDemo/tree/master/apisix/demo1
https://github.com/CHYbeta/OddProxyDemo/tree/master/apisix/demo1
使用 ProxyShell 和 ProxyLogon 劫持邮件链
https://paper.seebug.org/1764/
https://paper.seebug.org/1764/
从美军的先期研发看网络安全技术的发展
https://mp.weixin.qq.com/s/a9fmnJOSSuLXfWdAFtGjDA
https://mp.weixin.qq.com/s/a9fmnJOSSuLXfWdAFtGjDA
基于主被动测量的 IoT 安全情报
https://mp.weixin.qq.com/s/Xt3wAWKa5ge0ODK0sfP_lQ
https://mp.weixin.qq.com/s/Xt3wAWKa5ge0ODK0sfP_lQ
数据安全保护和治理的新方法
https://mp.weixin.qq.com/s/rTz8HVyGJE0x2UbVjiy8jw
https://mp.weixin.qq.com/s/rTz8HVyGJE0x2UbVjiy8jw
SiliFuzz:从软件角度发现处理器电路缺陷
https://mp.weixin.qq.com/s/QPYTxin66lwCxZEphCOTew
https://mp.weixin.qq.com/s/QPYTxin66lwCxZEphCOTew
现代化系统中的侧信道(side channel)攻击与防御
https://www.bilibili.com/video/BV16q4y1B7gt
https://www.bilibili.com/video/BV16q4y1B7gt
我的OSCP之旅回顾与分享
https://mp.weixin.qq.com/s/Z-TLwt-0H0uBjK6TeOfxBw
https://mp.weixin.qq.com/s/Z-TLwt-0H0uBjK6TeOfxBw
SecWiki周刊(第403期)
https://www.sec-wiki.com/weekly/403
https://www.sec-wiki.com/weekly/403
shellcode免杀初探
https://mp.weixin.qq.com/s/5BVxYS7HR0ndRQbSB49eBQ
https://mp.weixin.qq.com/s/5BVxYS7HR0ndRQbSB49eBQ
关于多步骤攻击预测方法的调研概要
https://mp.weixin.qq.com/s/ADOeqhYcjKfJlkVhkUAFaw
https://mp.weixin.qq.com/s/ADOeqhYcjKfJlkVhkUAFaw
PT632电信“老猫”分析
https://www.anquanke.com/post/id/259503
https://www.anquanke.com/post/id/259503
AI系列(一):换个思路检测隐蔽C2
https://mp.weixin.qq.com/s/JsvxtiRg8fEq51iTgGfPwQ
https://mp.weixin.qq.com/s/JsvxtiRg8fEq51iTgGfPwQ
Starlink 终端固件的提取和分析
https://mp.weixin.qq.com/s/aMWE6ekKiXWqCsbChirEPQ
https://mp.weixin.qq.com/s/aMWE6ekKiXWqCsbChirEPQ
Mining JavaScript Zero-day Vulnerabilities via Object Proper
https://www.bilibili.com/video/BV1xL411M7wz
https://www.bilibili.com/video/BV1xL411M7wz
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第404期)
