SecWiki周刊(第306期)
2020/01/06-2020/01/12
安全资讯
DARPA发布战略框架文件《保障国家安全的突破性技术和新能力》
https://mp.weixin.qq.com/s/D23I3qEpMs8eOFKy8w2RJg
https://mp.weixin.qq.com/s/D23I3qEpMs8eOFKy8w2RJg
安全技术
Java动态类加载,当FastJson遇上内网
https://mp.weixin.qq.com/s/ou3L-IU1CNr9EGkpjH2u0w
https://mp.weixin.qq.com/s/ou3L-IU1CNr9EGkpjH2u0w
内核地址空间大冒险:系统调用
https://mp.weixin.qq.com/s/esc9gWg42vyPkT58HCKNgg
https://mp.weixin.qq.com/s/esc9gWg42vyPkT58HCKNgg
闯荡Linux帝国:nginx的创业故事
https://mp.weixin.qq.com/s/brUQ8m3oAxYaJeSNa4qAFQ
https://mp.weixin.qq.com/s/brUQ8m3oAxYaJeSNa4qAFQ
G.O.S.S.I.P 安全学术会议排行榜(2019版)
https://feysh.com/ranking/
https://feysh.com/ranking/
Honware: A Virtual Honeypot Framework for Capturing CPE and IoT Zero Days
https://www.lightbluetouchpaper.org/2020/01/04/honware-a-virtual-honeypot-framework-for-capturing-cpe-and-iot-zero-days/
https://www.lightbluetouchpaper.org/2020/01/04/honware-a-virtual-honeypot-framework-for-capturing-cpe-and-iot-zero-days/
电信网络诈骗治理与人工智 能应用白皮书(2019 年)
http://pg.jrj.com.cn/acc/Res/CN_RES/INDUS/2019/12/31/934f8942-0608-400b-abe2-71dd4549c385.pdf
http://pg.jrj.com.cn/acc/Res/CN_RES/INDUS/2019/12/31/934f8942-0608-400b-abe2-71dd4549c385.pdf
基于ATT&CK+SOAR的运营实践
https://mp.weixin.qq.com/s/Z1sAbpSYZXYBO5qpgvjXlQ
https://mp.weixin.qq.com/s/Z1sAbpSYZXYBO5qpgvjXlQ
The Bug That Exposed Your PayPal Password
https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9
https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9
聊聊区块链中的几个技术点
https://paper.seebug.org/1110/
https://paper.seebug.org/1110/
OpenKG论文浅尝2019年论文汇编(20+篇知识图谱相关论文笔记)
http://openkg.cn/dataset/2a29c161-0ac0-409b-bfd5-0fead34e3e61
http://openkg.cn/dataset/2a29c161-0ac0-409b-bfd5-0fead34e3e61
ThinkPHP v5.0.x 反序列化利用链挖掘
https://www.anquanke.com/post/id/196364
https://www.anquanke.com/post/id/196364
Hacker101 CTF Encrypted Pastebin write-up
https://xz.aliyun.com/t/7054
https://xz.aliyun.com/t/7054
恶意域名检测中的流量特征分析
https://mp.weixin.qq.com/s/rvPo_ufBwvdAUoVIv__xCg
https://mp.weixin.qq.com/s/rvPo_ufBwvdAUoVIv__xCg
Hunter 中通DevSecOps闭环方案
https://github.com/ztosec/hunter
https://github.com/ztosec/hunter
基于AFL的Java程序Fuzz工具:Kelinci
https://www.freebuf.com/sectool/224294.html
https://www.freebuf.com/sectool/224294.html
安全开源项目之分布式被动安全扫描
https://mp.weixin.qq.com/s/VwhALBXqIPOh87Ll3ISVHQ
https://mp.weixin.qq.com/s/VwhALBXqIPOh87Ll3ISVHQ
2019年NLP领域总结回顾
https://mp.weixin.qq.com/s/7ROSm_wQNMAKLWUR0djVLQ
https://mp.weixin.qq.com/s/7ROSm_wQNMAKLWUR0djVLQ
CVE-2017-11882理论以及实战样本分析
https://mp.weixin.qq.com/s/d3owzqQFhHNVoPFIyxWZsQ
https://mp.weixin.qq.com/s/d3owzqQFhHNVoPFIyxWZsQ
商业网络培训靶场的发展态势综述
https://mp.weixin.qq.com/s/Cjd7CCR0kZESP2GHX1oOvQ
https://mp.weixin.qq.com/s/Cjd7CCR0kZESP2GHX1oOvQ
2019僵尸网络DDoS攻击监测总结
https://mp.weixin.qq.com/s/FGt-y3KxGPRP-FT2ubDOZA
https://mp.weixin.qq.com/s/FGt-y3KxGPRP-FT2ubDOZA
谈谈情报引领的安全体系建设落地
https://mp.weixin.qq.com/s/uLP2DzH5W2PcLCKZl7Cpsw
https://mp.weixin.qq.com/s/uLP2DzH5W2PcLCKZl7Cpsw
网络空间安全国际学术成果分享(上)
https://www.inforsec.org/wp/?p=3810
https://www.inforsec.org/wp/?p=3810
DNS Beacon through DNSMasq Redirectors
http://www.offensiveops.io/red-team/dns-beacon-through-dnsmasq-redirectors/
http://www.offensiveops.io/red-team/dns-beacon-through-dnsmasq-redirectors/
Blind SQL Injection without an “in”
https://medium.com/@terjanq/blind-sql-injection-without-an-in-1e14ba1d4952
https://medium.com/@terjanq/blind-sql-injection-without-an-in-1e14ba1d4952
SecWiki周刊(第305期)
https://www.sec-wiki.com/weekly/305
https://www.sec-wiki.com/weekly/305
物联网安全系列之远程破解Google Home
https://mp.weixin.qq.com/s/4kO3pU_tCDZmgj2CkROzMg
https://mp.weixin.qq.com/s/4kO3pU_tCDZmgj2CkROzMg
知识图谱构建技术综述与实践
https://zhuanlan.zhihu.com/p/69360094
https://zhuanlan.zhihu.com/p/69360094
Manually Unpacking UPX Executables
https://kindredsec.com/2020/01/07/the-basics-of-packed-malware-manually-unpacking-upx-executables/
https://kindredsec.com/2020/01/07/the-basics-of-packed-malware-manually-unpacking-upx-executables/
日志分析系列(二):平台实现篇
https://mp.weixin.qq.com/s/uc-fHmIseYuxrRSkCxYeaQ
https://mp.weixin.qq.com/s/uc-fHmIseYuxrRSkCxYeaQ
IPv6地址扫描方法研究综述
https://mp.weixin.qq.com/s/N87PZ783qY1JBe5Xm_tDsg
https://mp.weixin.qq.com/s/N87PZ783qY1JBe5Xm_tDsg
大数据安全分析平台搭建&相关经验分享
https://mp.weixin.qq.com/s/hvLN83rPiNLw6cmrYDRPpA
https://mp.weixin.qq.com/s/hvLN83rPiNLw6cmrYDRPpA
pwn的艺术浅谈(二):linux堆相关
https://paper.seebug.org/1109/
https://paper.seebug.org/1109/
Empire的进攻性研究
https://xz.aliyun.com/t/7071
https://xz.aliyun.com/t/7071
深入研究Pass-the-Hash攻击与防御
https://xz.aliyun.com/t/7051
https://xz.aliyun.com/t/7051
The Cypher Injection Saga
https://sidechannel.tempestsi.com/the-cypher-injection-saga-9698d19bed4
https://sidechannel.tempestsi.com/the-cypher-injection-saga-9698d19bed4
CVE-2019-1215 Analysis of a Use After Free in ws2ifsl
https://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/
https://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/
pwn的艺术浅谈(一):linux栈溢出
https://www.anquanke.com/post/id/196954
https://www.anquanke.com/post/id/196954
Fortinet FortiSIEM Hardcoded SSH Key
https://seclists.org/fulldisclosure/2020/Jan/10
https://seclists.org/fulldisclosure/2020/Jan/10
针对物联网设备的模糊测试概述
https://mp.weixin.qq.com/s/pbOOkxrV0HJFzQicJ0m6Cg
https://mp.weixin.qq.com/s/pbOOkxrV0HJFzQicJ0m6Cg
A tale of a lesser known NFS privesc
https://www.errno.fr/nfs_privesc
https://www.errno.fr/nfs_privesc
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第306期)
