SecWiki周刊(第299期)
2019/11/18-2019/11/24
安全资讯
网络安全威胁信息发布管理办法(征求意见稿)
https://mp.weixin.qq.com/s/uu3fnM8OzC8JRcIiJkIX8w
https://mp.weixin.qq.com/s/uu3fnM8OzC8JRcIiJkIX8w
司法大数据专题报告:网络犯罪特点和趋势
https://mp.weixin.qq.com/s/ZxYS6Dwa2XVOZ8ku-PbKog
https://mp.weixin.qq.com/s/ZxYS6Dwa2XVOZ8ku-PbKog
安全技术
白泽带你去参会@CCS'19, London, UK丨论文分享(上)
https://mp.weixin.qq.com/s/gYqamT3WXiyj79mjBQYRiA
https://mp.weixin.qq.com/s/gYqamT3WXiyj79mjBQYRiA
如何基于沙箱的威胁情报平台上搭建ATT&CK展示界面?
https://mp.weixin.qq.com/s/YcQRAkRRo63OnRYWokl0nw
https://mp.weixin.qq.com/s/YcQRAkRRo63OnRYWokl0nw
代码分析引擎 CodeQL 初体验
https://paper.seebug.org/1078/
https://paper.seebug.org/1078/
浅析常见Debug调试器的安全隐患
https://security.tencent.com/index.php/blog/msg/137
https://security.tencent.com/index.php/blog/msg/137
容器逃逸成真:从CTF解题到CVE-2019-5736漏洞挖掘分析
https://mp.weixin.qq.com/s/UZ7VdGSUGSvoo-6GVl53qg
https://mp.weixin.qq.com/s/UZ7VdGSUGSvoo-6GVl53qg
2019红帽杯 Writeup by X1cT34m
https://xz.aliyun.com/t/6746
https://xz.aliyun.com/t/6746
分析并使用python3编写meterpreter加载器绕过AV
https://xz.aliyun.com/t/6782
https://xz.aliyun.com/t/6782
从Kibana-RCE对nodejs子进程创建的思考
https://xz.aliyun.com/t/6755
https://xz.aliyun.com/t/6755
东南大学《知识图谱》研究生课程
https://github.com/npubird/KnowledgeGraphCourse
https://github.com/npubird/KnowledgeGraphCourse
从Black Hat Speaker到国内外研究者:强化学习的安全应用
https://mp.weixin.qq.com/s/YcH2P38_N4aZtGAc2ktkJw
https://mp.weixin.qq.com/s/YcH2P38_N4aZtGAc2ktkJw
微软开源可解释机器学习框架 interpret 实践
https://mp.weixin.qq.com/s/adkQr051QFzID4tEtPwjyQ
https://mp.weixin.qq.com/s/adkQr051QFzID4tEtPwjyQ
iTerm2 任意命令执行漏洞分析(CVE-2019-9535)
https://xz.aliyun.com/t/6796
https://xz.aliyun.com/t/6796
靶场发展态势④美国家网络空间靶场(NCR)1
https://mp.weixin.qq.com/s/O99wDByj00kCXRPwzGhRSg
https://mp.weixin.qq.com/s/O99wDByj00kCXRPwzGhRSg
SecWiki周刊(第298期)
https://www.sec-wiki.com/weekly/298
https://www.sec-wiki.com/weekly/298
使用TextCNN模型探究恶意软件检测问题
https://www.anquanke.com/post/id/193041
https://www.anquanke.com/post/id/193041
XSS in GMail's AMP4Email via DOM Clobbering
https://research.securitum.com/xss-in-amp4email-dom-clobbering/
https://research.securitum.com/xss-in-amp4email-dom-clobbering/
Fuzzing平台建设的研究与设计
https://mp.weixin.qq.com/s/ziri8oOb4aF26nB1DBaPrQ
https://mp.weixin.qq.com/s/ziri8oOb4aF26nB1DBaPrQ
网络空间测绘的生与死(二)
https://mp.weixin.qq.com/s/CRMP9CblEWGvTFhul3G-Mw
https://mp.weixin.qq.com/s/CRMP9CblEWGvTFhul3G-Mw
从锐捷某系统鸡肋XSS到通用WAF绕过
https://xz.aliyun.com/t/6733
https://xz.aliyun.com/t/6733
Introducing the Corelight SSH Inference Package
https://corelight.blog/2019/11/19/corelight-ssh-inference-package/
https://corelight.blog/2019/11/19/corelight-ssh-inference-package/
计算机与网络安全系列书单推荐
https://mp.weixin.qq.com/s/kEH85B2L8hsTKQjaSluTVQ
https://mp.weixin.qq.com/s/kEH85B2L8hsTKQjaSluTVQ
跟小黑学漏洞利用开发之egghunter
https://www.anquanke.com/post/id/193065
https://www.anquanke.com/post/id/193065
vulnerability-list: 渗透测试中快速检测常见中间件、组件的高危漏洞
https://github.com/1120362990/vulnerability-list
https://github.com/1120362990/vulnerability-list
CSIS发布安全固件开发最佳实践v1.1
https://www.solidot.org/story?sid=62703
https://www.solidot.org/story?sid=62703
网络空间测绘的生与死(一)
https://mp.weixin.qq.com/s/TWGUSmSaXc56KW9CzfPOCQ
https://mp.weixin.qq.com/s/TWGUSmSaXc56KW9CzfPOCQ
关于近日门罗币供应链攻击事件分析
https://mp.weixin.qq.com/s/3B9e0FltRSYWyu96NQp5Tw
https://mp.weixin.qq.com/s/3B9e0FltRSYWyu96NQp5Tw
潜伏者:Roboto Botnet 分析报告
https://blog.netlab.360.com/the-awaiting-roboto-botnet/
https://blog.netlab.360.com/the-awaiting-roboto-botnet/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第299期)
