SecWiki周刊(第316期)
2020/03/16-2020/03/22
安全技术
[Web安全]  加载远程XSL文件的宏免杀方法
https://mp.weixin.qq.com/s/EOPCstDYmFVtaLYNcUQLzA
[工具]  AWVS 13 Docker版本(破解后)
https://bacde.me/post/awvs-13-docker-cracked/
[Web安全]  windows hash 抓取总结
https://mp.weixin.qq.com/s/jaJi2hXoKKrDbEm1kcY16g
[Web安全]  Bypassing Crowdstrike Falcon 1:大力出奇迹
https://mp.weixin.qq.com/s/x0uGrnMXbzAAV9Q9bxR7SQ
[Web安全]  基于tomcat的内存 Webshell 无文件攻击技术
https://xz.aliyun.com/t/7388
[Web安全]  XSS入门到进阶(附Fuzzing+BypassWAF+Payloads)
https://mp.weixin.qq.com/s/EOPCstDYmFVtaLYNcUQLzA
[设备安全]  路由器固件后门添加
https://mp.weixin.qq.com/s/7tPFO-sqgah_4fbL9t1e5Q
[论文]  Euro S&P 2020 论文录用列表
https://mp.weixin.qq.com/s/tIUS121s3JPOg7yC0j2rNQ
[恶意分析]  威胁狩猎101文档
https://mp.weixin.qq.com/s/0hOtnTz9QrKlLivAobjU7Q
[设备安全]  后门技巧之使用网站关键字进行反连
https://mp.weixin.qq.com/s/ZPBRs-bYHTzkfDpQMOYXng
[论文]  如何以初学者角度写好一篇国际学术论文
https://mp.weixin.qq.com/s/zwTlXBrZiC88y9F5DDU0_g
[运维安全]  asset-scan: 甲方企业的外网资产周期性扫描监控系统
https://github.com/ATpiu/asset-scan
[无线安全]  蓝牙安全之Class of device
https://mp.weixin.qq.com/s/TIYvcThrfOC40rqcy-VGCg
[观点]  SDL已死,应用安全路在何方?
https://mp.weixin.qq.com/s/tYRiKiI7bjgyzQguMA1mrw
[工具]  SMBGhost 蓝屏代码(已测可用)
https://bacde.me/post/smbghost-crash-poc/
[漏洞分析]  LILIN DVR 在野0-day 漏洞分析报告
https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day/
[移动安全]  细品新政策法规下的APP个人信息收集检测
https://mp.weixin.qq.com/s/BF6vNewF3JK-EHr7KWT8HA
[杂志]  SecWiki周刊(第315期)
https://www.sec-wiki.com/weekly/315
[编程技术]  bashtricks :无空格执行命令
https://bacde.me/post/bashtricks-execute-commands-without-space/
[数据挖掘]  浅谈DDoS攻防对抗中的AI实践
https://mp.weixin.qq.com/s/5v38BBewMVXZbbN2oMYg0A
[设备安全]  大工PLC-远程启停攻击实验
https://mp.weixin.qq.com/s/k9tSpQaaeJ7QKSa9cb_bWg
[数据挖掘]  Boss of the SOC v3 Dataset Released
https://www.splunk.com/en_us/blog/security/botsv3-dataset-released.html
[取证分析]  Real-time file monitoring on Windows with osquery
https://blog.trailofbits.com/2020/03/16/real-time-file-monitoring-on-windows-with-osquery/
[其它]  BigIP Cookie 解码获取真实IP
https://bacde.me/post/bigip-cookie-decode-get-real-ip/
[移动安全]  追踪与新冠状病毒相关的安卓恶意软件
https://mp.weixin.qq.com/s/fLDNLJIWwvrUUwt6Pi6T4A
[其它]  带你入坑CTF-MISC(编码篇)
https://mp.weixin.qq.com/s/PdMuaK2yVhP4VxTpcjR37g
[Web安全]  Cobalt Strike折腾踩坑填坑记录
https://xz.aliyun.com/t/7375
[其它]  国内在线水利水文系统安全威胁分析报告
https://blog.zhifeng.io/security-threat-analysis-report-of-water-conservancy-system/
[运维安全]  OpenResty 最佳实践
https://github.com/moonbingbing/openresty-best-practices
[恶意分析]  自动化恶意域名检测揭秘
https://mp.weixin.qq.com/s/QV8ErKHow3b-AMp6HMzKQg
[Web安全]  巧用匿名函数绕过D盾
https://www.freebuf.com/articles/web/229649.html
[Web安全]  内网渗透-net-NTLM hash的攻击
https://www.anquanke.com/post/id/200649
[漏洞分析]  Bug Bounty:绕过Google域检测
https://xz.aliyun.com/t/7384
[Web安全]  文件包含 or 代码执行
https://mp.weixin.qq.com/s/IkK2Gn_7ghlxMvksZB2HcA
[Web安全]  讨论网络安全测试工具的发展
https://mp.weixin.qq.com/s/hW0A1jwq-pm4M-4LGUZIrA
[漏洞分析]  漫谈WebLogic CVE-2020-2551
https://www.anquanke.com/post/id/201005
[Web安全]  OSCP经验
https://xiaix.me/oscpjing-yan/
[Web安全]  开发简单的PHP混淆器与解混淆器
https://blog.zsxsoft.com/post/42
[Web安全]  Linux下利用SUID提权
https://mp.weixin.qq.com/s/UfPLm53gAlc_z28kH4OYHQ
[Web安全]  日志分析系列(三):分析实战篇
https://mp.weixin.qq.com/s/h2pHi3PVn_92aEIOvB1Yjg
[漏洞分析]  基于AppleScript的利用技术
http://noahblog.360.cn/applescript_attack/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第316期)