SecWiki周刊(第269期)
2019/04/22-2019/04/28
安全资讯
[新闻]  中国网络安全行业分类及全景图2019H1
https://mp.weixin.qq.com/s/4O_4MvLVma_9uEQO4IU14g
[法规]  自主可控政策全景图
https://mp.weixin.qq.com/s/1AMEdl_YMXt0jjHl5RYP3A
[视频]  2019 西湖论剑-院士圆桌视频
https://mp.weixin.qq.com/s/XO38NB5whYHxcr9RaoBFXw
[观点]  美国高端智库的政策专家储备及其人才吸引机制研究—以兰德公司为例
https://mp.weixin.qq.com/s/0N8vOoO2B6a79XGG5I-j0w
安全技术
[Web安全]  Weblogic反序列化远程命令执行漏洞(CNVD-C-2019-48814)
https://nosec.org/home/detail/2514.html
[Web安全]  另一种Tomcat渗透Getshell技巧
https://www.ch1ng.com/blog/147.html
[取证分析]  IP 定位 逆向追踪溯源访客真实身份调查取证
https://lcx.cc/post/4595/
[恶意分析]  对APT34泄露工具的分析—PoisonFrog和Glimpse
https://mp.weixin.qq.com/s/gYUCTLi2GpmatGOcRODZwA
[恶意分析]  Windows常见backdoor、权限维持方法及排查技术
https://xz.aliyun.com/t/4842
[Web安全]  代码审计初体验
https://mp.weixin.qq.com/s/yv6JQJFQSvIeJU2Z0Pn0ZA
[漏洞分析]  VTest - 漏洞测试辅助系统
https://github.com/opensec-cn/vtest
[取证分析]  看我如何揪出远控背后的幕后黑手
https://www.freebuf.com/vuls/200895.html
[Web安全]  Dirmap:一款高级Web目录文件扫描工具
https://www.freebuf.com/sectool/200890.html
[Web安全]  绕过xss检测机制
https://www.cnblogs.com/xsserhaha/p/10743671.html
[恶意分析]  APT34攻击全本分析
http://blog.nsfocus.net/apt34-event-analysis-report/
[运维安全]  Linux入侵排查案例分析
https://mp.weixin.qq.com/s/ZnQuboW4jLSBz_9pEFIPxg
[Web安全]  7kbscan-WebPathBrute Web路径暴力探测工具
https://github.com/7kbstorm/7kbscan-WebPathBrute
[编程技术]  手把手教你写爬虫
https://github.com/locoz666/spider-article
[设备安全]  HiSilicon DVR 黑客笔记
https://xz.aliyun.com/t/4840
[运维安全]  中通同安漏洞管理系统
https://mp.weixin.qq.com/s/kWK9PL_C2IW_T9i_A1Mlsw
[取证分析]  LinuxCheck: linux信息收集脚本
https://github.com/al0ne/LinuxCheck
[Web安全]  CaidaoMitmProxy:基于HTTP代理中转菜刀过WAF
https://www.ch1ng.com/blog/173.html
[比赛]  DDCTF2019 部分 writeup 及思路
http://phantom0301.cc/2019/04/19/ddctf2019/
[数据挖掘]  在社交网络上刷粉刷量,技术上是如何实现的?
https://www.infoq.cn/article/ceDbB*8IpzJrwyIJ8v1J
[比赛]  2019-DDCTF-WEB-WriteUp
https://xz.aliyun.com/t/4862
[其它]  如何绕过域账户登录失败次数的限制
https://nosec.org/home/detail/2510.html
[恶意分析]  Datacon DNS攻击流量识别 内测笔记
http://momomoxiaoxi.com/%E6%95%B0%E6%8D%AE%E5%88%86%E6%9E%90/2019/04/24/datacondns1/
[漏洞分析]  Drupal 1-click to RCE分析
https://lorexxar.cn/2019/04/19/drupal-1-click-rce/
[数据挖掘]  DDoS 反射放大攻击全球探测分析
https://paper.seebug.org/898/
[Web安全]  VulnHub靶机学习——Fristileaks实战记录
https://mp.weixin.qq.com/s/QnTjOKqhLhP0TxcJ8CkszQ
[Web安全]  cmsprint: CMS和中间件指纹库
https://github.com/Lucifer1993/cmsprint
[漏洞分析]   如何获得印度最大股票经纪公司的AWS凭证?
https://nosec.org/home/detail/2521.html
[编程技术]  如何打造自己的PoC框架-Pocsuite3-使用篇
https://paper.seebug.org/904/
[Web安全]  浅谈RASP技术攻防之实战[代码实现篇]
https://www.03sec.com/3239.shtml
[无线安全]  RD-10射频探测器-隐藏摄像头侦查器中文手册
https://mp.weixin.qq.com/s/Q12ScpUctVqg7aC3BRVLeg
[恶意分析]  DNS based threat hunting and DoH (DNS over HTTPS)
https://blog.redteam.pl/2019/04/dns-based-threat-hunting-and-doh.html?m=1
[恶意分析]  开源powershell CMD bash命令混淆检测工具
https://github.com/We5ter/Flerken
[Web安全]  Google搜索中的突变XSS
https://xz.aliyun.com/t/4865
[比赛]  聊聊AWD攻防赛流程及准备经验
https://www.freebuf.com/articles/network/201222.html
[移动安全]  移动应用安全基础篇——绕过iOS越狱检测
https://mp.weixin.qq.com/s/DsmgR6BT5UOg9IBa4_-jhg
[数据挖掘]  写给机器学习从业者的 12 条宝贵建议
https://www.infoq.cn/article/NLTXhVkMTSlsGK_dkXgh
[其它]  一步步绕过Windows域中的防火墙获取支付卡敏感数据
https://nosec.org/home/detail/2523.html
[数据挖掘]  从DCGAN到SELF-MOD:GAN的模型架构发展一览
https://kexue.fm/archives/6549
[漏洞分析]  利用Foxit Reader的PDF Printer实现提权
https://www.4hou.com/vulnerable/17538.html
[移动安全]  智能摄像头安全风险分析及对策研究
https://www.kiwisec.com/news/detail/5cc14cd4c649181e28b81f8f.html
[漏洞分析]  给DNS划重点:分析ISC BIND必知必会
https://www.freebuf.com/vuls/200828.html
[观点]  关于编程教育的思考
https://www.cnblogs.com/xsserhaha/p/10685322.html
[其它]  提升云中业务集成安全性的七个步骤
https://www.infoq.cn/article/psah2GOSvCxK1gP1h-93
[Web安全]  浅谈RASP技术攻防之实战[环境配置篇]
https://www.03sec.com/3238.shtml
[数据挖掘]  风控对抗中的常规特征及处置选择
https://zhuanlan.zhihu.com/p/62525083
[取证分析]  ct-exposer: discovers sub-domains by searching Certificate Transparency logs
https://github.com/chris408/ct-exposer
[恶意分析]  Operation ShadowHammer: a high-profile supply chain attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
[论文]  研究生第一篇学术论文常犯问题总结
https://mp.weixin.qq.com/s/4ue0JlvJNbSTjzUM9NDejA
[漏洞分析]  结合实例浅析壳编写的流程与难点
https://www.anquanke.com/post/id/176980
[取证分析]  How to start learning Digital Forensics
https://medium.com/@a.alwashli/how-to-start-learning-digital-forensics-8038bcc9af6a
[工具]   用普通权限的域帐户获得域环境中所有DNS解析记录
https://nosec.org/home/detail/2527.html
[Web安全]  三种对CORS错误配置的利用方法
https://www.freebuf.com/articles/web/200350.html
[视频]  从算法到工程,解读阿里巴巴大规模图表征学习框架Euler
https://v.qq.com/x/page/y08637p8dqu.html?from=timeline
[数据挖掘]  基于PaddlePaddle的业界首个开源视频识别工具集
https://mp.weixin.qq.com/s/f5n9HC6jIfWcTWNxqmyvQw
[数据挖掘]  CyberTwitter: Using Twitter to generate alerts for Cybersecurity Threats and Vul
https://mp.weixin.qq.com/s/YIwLaXNqjvW7fky5nJmiDw
[Web安全]  Gitlab+Jenkins+SonarQube 实现代码审计指南
https://bloodzer0.github.io/ossa/other-security-branch/devsecops/gjs/
[数据挖掘]  什么是语义角色标注
https://mp.weixin.qq.com/s/PVzVNI7jMzHPcUbL7UaCIQ
[视频]  How to Predict Which Vulnerabilities Will Be Exploited
https://www.usenix.org/conference/enigma2019/presentation/dumitras
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第269期)