SecWiki周刊(第422期)
2022/03/28-2022/04/03
安全技术
欺骗Wappalyzer插件指纹识别
https://blog.xlab.app/p/63a5b7e6/
https://blog.xlab.app/p/63a5b7e6/
codeql挖掘java二次反序列化
https://firebasky.github.io/2022/03/22/Codeql-excavate-Java-quadratic-deserialization/
https://firebasky.github.io/2022/03/22/Codeql-excavate-Java-quadratic-deserialization/
CodeQL 踩坑指南 - Java
https://mp.weixin.qq.com/s/JkqtO_kfy4LZH9Kjkx6jdw
https://mp.weixin.qq.com/s/JkqtO_kfy4LZH9Kjkx6jdw
K8s安全入门学习扫盲贴
https://tttang.com/archive/1465/
https://tttang.com/archive/1465/
eCapture:无需CA证书抓https网络明文通讯
https://mp.weixin.qq.com/s/DvTClH3JmncpkaEfnTQsRg
https://mp.weixin.qq.com/s/DvTClH3JmncpkaEfnTQsRg
OpenCTI入门笔记(二):存储设置&清理&修改图标和title
https://mp.weixin.qq.com/s/oh2AZ7XMuzDgTEVUV6aSsg
https://mp.weixin.qq.com/s/oh2AZ7XMuzDgTEVUV6aSsg
使用 CodeQL 分析 AOSP
https://xz.aliyun.com/t/11080
https://xz.aliyun.com/t/11080
Spring Cloud Function SpEL表达式注入
https://www.03sec.com/VulnerabilityAnalysis/spring-cloud-function-spel-code-injection.html
https://www.03sec.com/VulnerabilityAnalysis/spring-cloud-function-spel-code-injection.html
Fvuln: 一款自动化工具
https://github.com/d3ckx1/Fvuln
https://github.com/d3ckx1/Fvuln
CodeQL 提升篇之路由收集
https://mp.weixin.qq.com/s/O5XS6JiLEBE9x2eDIznajg
https://mp.weixin.qq.com/s/O5XS6JiLEBE9x2eDIznajg
如何学习这么多的安全文章(理论篇)
https://mp.weixin.qq.com/s/qA3U3qI0h7tuzggI7lvjAA
https://mp.weixin.qq.com/s/qA3U3qI0h7tuzggI7lvjAA
攻防对抗模拟工具CyberBattleSim的简单分析
https://blog.csdn.net/momo_sleet/article/details/115793178
https://blog.csdn.net/momo_sleet/article/details/115793178
使用DNS Tunnel技术的Linux后门B1txor20正在通过Log4j漏洞传播
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_cn/
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_cn/
Malbox: 恶意软件容器靶机
https://github.com/G4rb3n/Malbox
https://github.com/G4rb3n/Malbox
CVE-2021-29454—Smarty模板注入分析复现
https://xz.aliyun.com/t/11085
https://xz.aliyun.com/t/11085
从主流安全开发框架看软件供应链安全保障的落地
https://mp.weixin.qq.com/s/eu7PfSYdZhNc1kGZ3MKzMg
https://mp.weixin.qq.com/s/eu7PfSYdZhNc1kGZ3MKzMg
关于如何更好地呈现红蓝对抗价值的思考
http://avfisher.win/archives/1307
http://avfisher.win/archives/1307
从DARPA项目学习如何做安全研究
https://mp.weixin.qq.com/s/BkOIosI50NRqzz8Vsbm1Hg
https://mp.weixin.qq.com/s/BkOIosI50NRqzz8Vsbm1Hg
《深入理解CodeQL》Finding vulnerabilities with CodeQL.
https://github.com/ASTTeam/CodeQL
https://github.com/ASTTeam/CodeQL
【Rootkit 系列研究】Windows 平台的高隐匿、高持久化威胁
https://paper.seebug.org/1868/
https://paper.seebug.org/1868/
SecWiki周刊(第421期)
https://www.sec-wiki.com/weekly/421
https://www.sec-wiki.com/weekly/421
CodeQl 从0到0.1
https://blog.szfszf.top/article/59/
https://blog.szfszf.top/article/59/
混合办公(Hybrid Work)安全的“三年”技术落地趋势推演
https://mp.weixin.qq.com/s/sRYlS9BfdiM4NzdTpbenOw
https://mp.weixin.qq.com/s/sRYlS9BfdiM4NzdTpbenOw
基于 OpenAFS 文件系统的反射攻击深度分析
https://paper.seebug.org/1861/
https://paper.seebug.org/1861/
CodeCat:一款功能强大的静态代码分析工具
https://mp.weixin.qq.com/s/wJrb4rgUUoplfjmhvTPRMA
https://mp.weixin.qq.com/s/wJrb4rgUUoplfjmhvTPRMA
加密数字货币合约交易的匿名性保护与对抗
https://mp.weixin.qq.com/s/_QWBvf-zH_urvswRwpInaw
https://mp.weixin.qq.com/s/_QWBvf-zH_urvswRwpInaw
Chrome Zero-Day from North Korea
https://www.schneier.com/blog/archives/2022/03/chrome-zero-day-from-north-korea.html
https://www.schneier.com/blog/archives/2022/03/chrome-zero-day-from-north-korea.html
如何通过开源组件实现一套山寨版的 BAB 方案
https://zhuanlan.zhihu.com/p/489791169
https://zhuanlan.zhihu.com/p/489791169
LAPSUS$安全攻击的胡乱分析
https://mp.weixin.qq.com/s/knMB7oEy4UmPXyJL0in5aA
https://mp.weixin.qq.com/s/knMB7oEy4UmPXyJL0in5aA
Java内存马分析集合
https://xz.aliyun.com/t/11084
https://xz.aliyun.com/t/11084
我们能从日本保障东京奥运会网络安全工作中学到什么?
https://mp.weixin.qq.com/s/SP_mNczD_2yOf1oR3C1CDA
https://mp.weixin.qq.com/s/SP_mNczD_2yOf1oR3C1CDA
商业数字证书签发和使用情况简介
https://blog.netlab.360.com/shu-zi-zheng-shu-zuo-wei-ji-chu-she-shi-de-shi-yong-qing-kuang-fen-xi/
https://blog.netlab.360.com/shu-zi-zheng-shu-zuo-wei-ji-chu-she-shi-de-shi-yong-qing-kuang-fen-xi/
数字货币在暗网中的使用初探
https://mp.weixin.qq.com/s/-tk1cCaYgcfBnjuS0Pahjw
https://mp.weixin.qq.com/s/-tk1cCaYgcfBnjuS0Pahjw
机器学习系统:设计和实现
https://openmlsys.github.io/index.html
https://openmlsys.github.io/index.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第422期)
