SecWiki周刊(第290期)
2019/09/16-2019/09/22
安全技术
[Web安全]  利用js文件进行渗透
https://mp.weixin.qq.com/s/G6qdRQ3BPKrjHY5ucUiG2w
[Web安全]  内网渗透之端口转发、映射、代理
https://xz.aliyun.com/t/6349
[Web安全]  LuWu: 红队基础设施自动化部署工具
https://github.com/QAX-A-Team/LuWu
[取证分析]  钓鱼邮件的投递和伪造
https://xz.aliyun.com/t/6325
[取证分析]  大型互联网企业威胁情报运营与实践思考
https://www.anquanke.com/post/id/187069
[取证分析]  反间谍软件之旅(一)
https://www.anquanke.com/post/id/186489
[杂志]  SecWiki周刊(第289期)
https://www.sec-wiki.com/weekly/289
[工具]  vulnerable-sso: vulnerable single sign on
https://github.com/dogangcr/vulnerable-sso
[恶意分析]  Malware Classification with ‘Graph Hash,’ Applied to the Orca Cyberespionage Cam
https://blog.trendmicro.com/trendlabs-security-intelligence/malware-classification-with-graph-hash-applied-to-the-orca-cyberespionage-campaign/
[工具]  pdlist: A passive subdomain finder
https://github.com/gnebbia/pdlist
[工具]  Bloodhound Cypher Cheatsheet
https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
[其它]  Decentralizing DNS to Improve the Security of the Internet
https://www.namebase.io/blog/meet-handshake-decentralizing-dns-to-improve-the-security-of-the-internet/
[其它]  beyond-good-ol-run-key-part-114(AutoPlay利用)
http://www.hexacorn.com/blog/2019/09/07/beyond-good-ol-run-key-part-114/
[Web安全]  Server Side Template Injection – on the example of Pebble
https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第290期)