SecWiki周刊(第257期)
2019/01/28-2019/02/03
安全资讯
[新闻]  美国“国家网络情报体系”架构详解
https://mp.weixin.qq.com/s/8rkXGZsAEqTWu5C8WPmbsA
安全技术
[Web安全]  Kunpeng:一款开源的跨语言漏洞POC框架
https://opensec-cn.github.io/#/articles/1
[移动安全]  安卓APP测试之HOOK大法-Xposed篇
https://mp.weixin.qq.com/s/vnganjOQp5pUpc8hUswtww
[Web安全]  XXE on https://duckduckgo.com
https://hackerone.com/reports/483774
[Web安全]  2018年初整理的一些内网渗透TIPS
https://github.com/Ridter/Intranet_Penetration_Tips
[Web安全]  渗透利器Cobalt Strike - 第1篇 功能及使用
https://xz.aliyun.com/t/3975
[Web安全]  Java Web安全-代码审计(一)
https://mp.weixin.qq.com/s/o1-G9LaK6OFUWbJs3cfKBg
[Web安全]  内网渗透知识基础及流程
https://www.anquanke.com/post/id/170471
[漏洞分析]  无符号Golang程序逆向方法解析
https://www.anquanke.com/post/id/170332
[Web安全]  如何利用2FA实现无密码控制他人帐户(影响Google, Microsoft, Instagram, Cloudflare)
https://nosec.org/home/detail/2211.html
[比赛]  北邮中学生网安杯2019 web解题记录
https://www.anquanke.com/post/id/170299
[取证分析]  Telegram中文圈现状
https://www.freebuf.com/articles/network/194822.html
[运维安全]  easyProxy: 内网穿透代理服务器
https://github.com/cnlh/easyProxy
[Web安全]  使用Aggressor脚本雕饰Cobalt Strike
https://mp.weixin.qq.com/s/CEI1XYkq2PZmYsP0DRU7jg
[移动安全]  voucher_swap: Exploiting MIG reference counting in iOS 12
https://googleprojectzero.blogspot.com/2019/01/voucherswap-exploiting-mig-reference.html
[Web安全]  二阶SQL注入漏洞
https://mp.weixin.qq.com/s/6Bt6-MwK0RtvRdtbMHrCuQ
[编程技术]  带你读神器之KunPeng源代码分析
https://mp.weixin.qq.com/s/JLMaygM_MioszehGYpY2rw
[取证分析]  甲方威胁情报生存指南
https://mp.weixin.qq.com/s/Rdw7_z4jn3Z1AWp-S2B2Vg
[运维安全]  企业安全建设之HIDS
https://www.freebuf.com/articles/es/194510.html
[Web安全]  过D盾webshell分享
https://xz.aliyun.com/t/3959
[工具]  TrackRay: 溯光(Trackray)渗透测试框架 2.0
https://github.com/iSafeBlue/TrackRay
[移动安全]  安卓APP测试之HOOK大法
https://mp.weixin.qq.com/s/3vNeeLm8Wy75tJJ7JvFsfA
[Web安全]  Java Web安全-代码审计(二)
https://mp.weixin.qq.com/s/mlqjOlhefcsO9z51cw4S7w
[数据挖掘]  基于网络特征学习的个性化推荐系统 04#
https://mp.weixin.qq.com/s/MMUZHkGs9Ce0xtmLhHZ54A
[数据挖掘]  基于Flink的超大规模在线实时反欺诈系统的建设与实践
https://mp.weixin.qq.com/s/5opaOA9Rqk-3Sb-9bBRPJQ
[Web安全]  Java Web安全-代码审计(三)
https://mp.weixin.qq.com/s/sMLVaYtlBPaHuiU-Sboopg
[文档]  UAC Bypass via SystemPropertiesAdvanced.exe and DLL Hijacking
https://egre55.github.io/system-properties-uac-bypass/
[Web安全]  SEACMS 8.9版本-从变量覆盖到变量覆盖的SQL注入漏洞
https://nosec.org/home/detail/2222.html
[运维安全]  Exchange邮箱安全代理系统开发
http://www.xsec.io/2019/1/3/mail-sec-proxy-golang.html
[取证分析]  如何利用开源威胁信息分析APT团伙
https://mp.weixin.qq.com/s/HZJQD0jHj2ACkgtvGmtyPw
[漏洞分析]  MacOS/iOS CVE-2019-6231 漏洞深入分析
https://www.anquanke.com/post/id/170358
[Web安全]  Windows环境中使用Responder获取NTLMv2哈希并利用
https://www.freebuf.com/articles/system/194549.html
[恶意分析]  sofacys-zepakab-downloader-spotted-in-the-wild
https://blog.yoroi.company/research/sofacys-zepakab-downloader-spotted-in-the-wild/
[漏洞分析]  JavaScript侧信道时间测量
https://www.anquanke.com/post/id/170268
[文档]  windows-privilege-abuse-auditing-detection-and-defense
https://medium.com/palantir/windows-privilege-abuse-auditing-detection-and-defense-3078a403d74e
[运维安全]  Exploiting SystemD JournalD Part 1
https://capsule8.com/blog/exploiting-systemd-journald-part-1/
[工具]  微信PC端技术研究(2)-CE+OD拿下语音
https://mp.weixin.qq.com/s/h9d8aO79OvkpV9bknVT60A
[编程技术]  how-to-argue-like-cobalt-strike
https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/
[移动安全]  安天移动恶意代码对抗的8年之路
http://blog.avlsec.com/2019/02/5337/anti-virus/
[文档]  2018年度区块链安全报告
https://share.weiyun.com/56Pytbu
[恶意分析]  物联网威胁情报研究
http://blog.nsfocus.net/research-threat-intelligence-iot/
[数据挖掘]  用于异常检测的几种图划分算法
https://mp.weixin.qq.com/s/9CQn4qFd88MRU56xBvY_Pw
[运维安全]  Abusing S4U2Self: Another Sneaky Active Directory Persistence
https://alsid.com/company/news/abusing-s4u2self-another-sneaky-active-directory-persistence
[恶意分析]  malware-analysis/analyzing-darkhydrus-2-0
https://0ffset.net/reverse-engineering/malware-analysis/analyzing-darkhydrus-2-0/
[观点]  详解GDPR向Google亮剑缘由
https://mp.weixin.qq.com/s/5sGSSpkrJhgvttKxP-udJA
[Web安全]  lavarel框架配置不当导致敏感数据泄露
https://nosec.org/home/detail/2217.html
[设备安全]  Reverse Engineering a Philips TriMedia CPU based IP camera
https://blog.quarkslab.com/reverse-engineering-a-philips-trimedia-cpu-based-ip-camera-part-1.html
[杂志]  SecWiki周刊(第256期)
https://www.sec-wiki.com/weekly/256
[Web安全]  Defeating Flask’s Session Management
https://blog.paradoxis.nl/defeating-flasks-session-management-65706ba9d3ce
[恶意分析]  2018年活跃DDoS攻击团伙分析报告
https://mp.weixin.qq.com/s/5F9CauALuwvAys5mwPHwdQ
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第257期)