SecWiki Weekly (Issue 274)
2019/05/27-2019/06/02
Security News
[Regulation]  Measures for Data Security Management (Draft for Comment)
http://www.cac.gov.cn/2019-05/28/c_1124546022.htm
Security Techniques
[Web Security]  Review and Summary of a Live Attack-Defense Exercise
https://mp.weixin.qq.com/s/sfUQnFBlkRKf4uRDIVkG5Q
[Vulnerability Analysis]  Analysis of CVE-2019-0708 (BlueKeep)
https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html
[Vulnerability Analysis]  Apache Tomcat Remote Code Execution (CVE-2019-0232): Brief Analysis and Reproduction
https://mp.weixin.qq.com/s/dhry2nxTyN4C0BUeBvOdZQ
[Competition]  2019 Qiangwang Cup Online Web Writeup
https://tttang.com/archive/1301/
[Data Mining]  When Security Meets NLP
http://4o4notfound.org/index.php/archives/190/
[Data Mining]  datacon Competition Track 3: Attack Source and Attacker Analysis Writeup
https://github.com/ReAbout/datacon
[Web Security]  Chaining Vulnerabilities in a CMS to Getshell
https://xz.aliyun.com/t/5277
[Forensic Analysis]  Incident Response Handling Process: Windows Edition
https://www.freebuf.com/articles/network/203494.html
[Competition]  CTFTraining: Reproduction Environments for Classic CTF Challenges
https://github.com/CTFTraining/CTFTraining
[Web Security]  Using the Java Debugging Protocol JDWP to Get a Reverse Shell
https://paper.seebug.org/933/
[Forensic Analysis]  Learn to Master QR Codes with Me
https://www.freebuf.com/geek/204516.html
[Forensic Analysis]  Approaches to Industrial Control System Security Protection in the Defense Industry
https://mp.weixin.qq.com/s/AVRYyob-bQdRRQ8i15SK3w
[Other]  netstat Source Code Debugging & Principle Analysis
https://blog.spoock.com/2019/05/26/netstat-learn/
[Other]  Summary of Steganography in CTFs
https://mp.weixin.qq.com/s/tAMqC8NpgkXDGAgZHtLd7A
[Malware Analysis]  Decryption-Tools: A Collection of Ransomware Decryption Tools
https://github.com/jiansiting/Decryption-Tools
[Vulnerability Analysis]  InfluxDB authentication bypass 0day
https://www.komodosec.com/post/when-all-else-fails-find-a-0-day
[Web Security]  Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS
https://anotherhackerblog.com/exploiting-file-uploads-pt1/
[Vulnerability Analysis]  Analysis of CVE-2018-12067 and Similar Vulnerabilities, with Related Reflections
https://xz.aliyun.com/t/5248
[Vulnerability Analysis]  netstat Source Code Debugging & Principle Analysis
https://paper.seebug.org/934/
[Competition]  MIMIC Defense CTF 2019 final writeup
https://paper.seebug.org/932/
[Competition]  ISCC2019 Partial Writeup
https://www.anquanke.com/post/id/179216
[Malware Analysis]  Threat Hunting with Jupyter Notebooks— Part 1: Your First Notebook
https://posts.specterops.io/threat-hunting-with-jupyter-notebooks-part-1-your-first-notebook-9a99a781fde7?gi=6e2ca22b44b7
[Vulnerability Analysis]  Attribution is hard — at least for Dock: A Safari sandbox escape & LPE
https://phoenhex.re/2019-05-26/attribution-is-hard-at-least-for-dock
[Forensic Analysis]  Diving into the Security Analyst's Mind
https://posts.specterops.io/diving-into-the-security-analysts-mind-b1708668e8d4
[Mobile Security]  iOS App Decryption: From Getting Started to Giving Up
https://mp.weixin.qq.com/s/BnYglYcsC-X43pgHfpDXgg
[Vulnerability Analysis]  Breaking Out of rkt – 3 New Unpatched CVEs
https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
[Other]  Sending and Receiving Encrypted Email with Gpg4Win + Outlook Express
https://www.cnblogs.com/Lyckerr/p/8624076.html
[Malware Analysis]  HiddenWasp Malware Stings Targeted Linux Systems
https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
[Malware Analysis]  nansh0u-campaign-hackers-arsenal-grows-stronger
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
-----WeChat ID: SecWiki-----
SecWiki: focused on security technology news and analysis for 5 years!
SecWiki: https://www.sec-wiki.com