SecWiki周刊(第307期)
2020/01/13-2020/01/19
安全资讯
世界网络战领域2019年发展回顾与2020年展望
https://mp.weixin.qq.com/s/Mx3H2Za7hI9ZZIaZedmXBQ
https://mp.weixin.qq.com/s/Mx3H2Za7hI9ZZIaZedmXBQ
2019年网络安全事件回顾(国际篇)
https://www.anquanke.com/post/id/197161
https://www.anquanke.com/post/id/197161
2019年网络安全事件回顾(国内篇)
https://www.anquanke.com/post/id/197160
https://www.anquanke.com/post/id/197160
安全技术
自动化漏洞挖掘之初步构想
https://mp.weixin.qq.com/s/7I6mNyQY5OlRvO-hH6zymg
https://mp.weixin.qq.com/s/7I6mNyQY5OlRvO-hH6zymg
内网漫游之SOCKS代理大结局
https://mp.weixin.qq.com/s/uKLjW-6Y39wAvLn7bENb7A
https://mp.weixin.qq.com/s/uKLjW-6Y39wAvLn7bENb7A
Pentestit Lab 14 Writeup/Walkthrough
http://utf32.com/2020/01/07/Pentestit-Lab-14-Writeup-Walkthrough/
http://utf32.com/2020/01/07/Pentestit-Lab-14-Writeup-Walkthrough/
Apache Shiro 反序列化漏洞扫描与利用工具
https://github.com/insightglacier/Shiro_exploit
https://github.com/insightglacier/Shiro_exploit
BITSAdmin的介绍与Windows渗透测试中的使用
https://mp.weixin.qq.com/s/pWSLwc_ZWtsESqkuee--zg
https://mp.weixin.qq.com/s/pWSLwc_ZWtsESqkuee--zg
Struts2全漏洞扫描Golang版
http://utf32.com/2020/01/16/Struts2%E5%85%A8%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8FGolang%E7%89%88/
http://utf32.com/2020/01/16/Struts2%E5%85%A8%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8FGolang%E7%89%88/
ThinkPHP6任意文件操作漏洞分析
https://mp.weixin.qq.com/s/UPu6cE20l24T6fkYOlSUJw
https://mp.weixin.qq.com/s/UPu6cE20l24T6fkYOlSUJw
中国网络安全能力图谱(2020年1月)
https://mp.weixin.qq.com/s/Qwhr6SlzFDqHB2b6Q6awdw
https://mp.weixin.qq.com/s/Qwhr6SlzFDqHB2b6Q6awdw
Top 20 CTI Presentations for 2019
https://threatintel.eu/2020/01/09/top-20-cti-presos-for-2019/
https://threatintel.eu/2020/01/09/top-20-cti-presos-for-2019/
2020 后区块链世界及安全的一些思考
https://zhuanlan.zhihu.com/p/102384263
https://zhuanlan.zhihu.com/p/102384263
SecWiki周刊(第306期)
https://www.sec-wiki.com/weekly/306
https://www.sec-wiki.com/weekly/306
Fastjson 反序列化漏洞自动化检测
https://koalr.me/post/fastjson-deserialization-detection/
https://koalr.me/post/fastjson-deserialization-detection/
情报内生:高级威胁检测的必要条件
https://mp.weixin.qq.com/s/U3XKIh0ffdzuCJihnJL7Lw
https://mp.weixin.qq.com/s/U3XKIh0ffdzuCJihnJL7Lw
威胁情报系列(一):什么是威胁情报
https://mp.weixin.qq.com/s/f9G818SGijdfS13KjLnFoA
https://mp.weixin.qq.com/s/f9G818SGijdfS13KjLnFoA
Using CveEventWrite From VBA (CVE-2020-0601)
https://blog.didierstevens.com/2020/01/15/using-cveeventwrite-from-vba-cve-2020-0601/
https://blog.didierstevens.com/2020/01/15/using-cveeventwrite-from-vba-cve-2020-0601/
CVE-2020-0601: the ChainOfFools/CurveBall attack explained with PoC
https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/
https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/
机器学习之恶意流量检测的特征工程
https://www.freebuf.com/articles/web/223481.html
https://www.freebuf.com/articles/web/223481.html
s3tk:一款针对Amazon S3的安全审计套件
https://www.freebuf.com/articles/network/224931.html
https://www.freebuf.com/articles/network/224931.html
DVNA – Damn Vulnerable NodeJS Application
https://github.com/appsecco/dvna
https://github.com/appsecco/dvna
日志分析系列(外传三):平台安全性
https://mp.weixin.qq.com/s/T2ejCKe8G1E8Ims1AKoi7Q
https://mp.weixin.qq.com/s/T2ejCKe8G1E8Ims1AKoi7Q
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第307期)
