SecWiki周刊(第288期)
2019/09/02-2019/09/08
安全资讯
[新闻]  2019年上半年上市网络安全公司经营简报
https://mp.weixin.qq.com/s/huQKnnsQtLn0uVZj-wz0Uw
安全技术
[Web安全]  反弹shell的学习总结 - Part 2
https://mp.weixin.qq.com/s/S9Luvf2Drj4aDqKWUJjTwg
[工具]  端对端加密的微信聊天插件
https://github.com/dplusec/tgwechat
[漏洞分析]  FastJson拒绝服务漏洞分析
https://nosec.org/home/detail/2933.html
[编程技术]   一款漏洞验证框架的构思
https://nosec.org/home/detail/2919.html
[工具]  fireeye/SharPersist
https://github.com/fireeye/SharPersist
[编程技术]  Linux环境下无文件执行elf
http://www.polaris-lab.com/index.php/archives/666/
[其它]  网络空间搜索引擎概述
https://mp.weixin.qq.com/s/AdrOhuA0mpjCtdpWjPC1jg
[恶意分析]  DNS 隧道通信特征与检测
http://blog.nsfocus.net/dns-tunnel-communication-characteristics-detection/
[杂志]  SecWiki周刊(第287期)
https://www.sec-wiki.com/weekly/287
[Web安全]  安全开源项目之越权漏洞自动化检测
https://mp.weixin.qq.com/s/vwF7aTvk-U-SnJqO3f80gA
[数据挖掘]  通过基于时间的侧信道攻击识别WAF规则
https://xz.aliyun.com/t/6175
[数据挖掘]  百度实体链接比赛后记:行为建模和实体链接(含代码分享)
https://mp.weixin.qq.com/s/hIGmW_J5xEvLUXa4hFHzsA
[取证分析]  互联网公司数据安全保护新探索
https://tech.meituan.com/2018/05/20/data-security-protection-new-exploration.html
[工具]  JWTPyCrack-JWT攻击脚本
https://github.com/Ch1ngg/JWTPyCrack
[Web安全]  (CVE-2019-1030) Microsoft Edge - Universal XSS
https://leucosite.com/Microsoft-Edge-uXSS/
[取证分析]  一种基于欺骗防御的入侵检测技术研究
https://mp.weixin.qq.com/s/6BEY9qpi0rfk1_T1k1lWmg
[运维安全]  企业如何构建有效的安全运营体系
https://mp.weixin.qq.com/s/JJkQ8S4qw0RigOoA9Xzhyw
[漏洞分析]  推特的Golden Pulse Secure SSL VPN远程命令执行攻击链条
https://nosec.org/home/detail/2924.html
[运维安全]  Linux环境下无文件执行elf
https://mp.weixin.qq.com/s/gz77Yy3yKPM10JsDg1oyiw
[漏洞分析]  Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain
http://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
[漏洞分析]  Grahql查询漏洞所引起的敏感信息泄露
https://nosec.org/home/detail/2922.html
[移动安全]  [ipa破解器] 零代码一键生成免越狱ipa!
http://iosre.com/t/ipa-ipa/15494
[数据挖掘]  社交网络影响集体决策,或改变选举结果
https://mp.weixin.qq.com/s/KqyF7epXWRhaT4spGWHXSw
[数据挖掘]  大数据安全核心技术(摘自CSDN)
https://bloodzer0.github.io/ossa/data_security/big_data_security_copy/
[恶意分析]  CoinBlockerLists
https://zerodot1.gitlab.io/CoinBlockerListsWeb/
[恶意分析]  Deep learning rises: New methods for detecting malicious PowerShell
https://www.microsoft.com/security/blog/2019/09/03/deep-learning-rises-new-methods-for-detecting-malicious-powershell/
[运维安全]  利用ptrace和memfd_create混淆程序名和参数
https://mp.weixin.qq.com/s/ab9GKXfaNeGLiBbp6_jh-A
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第288期)