SecWiki周刊(第318期)
2020/03/30-2020/04/05
安全资讯
[观点]  中国工业网络安全厂商综合能力概览(2020年第1期)
https://mp.weixin.qq.com/s/6i17MV8T3rou8j0rY-ZbIQ
[新闻]  中国网络安全行业全景图(2020年3月第七版)
https://www.aqniu.com/focus/jiaodiantua/66442.html
[恶意分析]  美公司披露俄长达15年的网络活动简析
https://mp.weixin.qq.com/s/nd_dZmAyp5U0lQSOytB6Ng
[新闻]  2021财年DARPA预算概况及发展动向解析
https://mp.weixin.qq.com/s/yEsrMmI0BpvllXaf3TBWkw
[爆库]  Dork-Admin: 盘点近年来的数据泄露、供应链污染事件
https://github.com/ffffffff0x/Dork-Admin
[新闻]  美国联邦政府SOC建设动向(2019)
https://mp.weixin.qq.com/s/8I8hM_G1AO9emXpqxdR0oA
安全技术
[Web安全]  Java SSTI漏洞审计
https://samny.gitee.io/2020/03/24/%E7%99%BD%E5%A4%B4%E6%90%94%E6%9B%B4%E7%9F%AD%EF%BC%8CSSTI%E6%83%B9%E4%BA%BA%E5%BF%83%EF%BC%81/
[Web安全]  iPhone Camera Hack
https://www.ryanpickren.com/webcam-hacking-overview
[工具]  使用 sshLooterC 抓取 SSH 密码
https://www.ch1ng.com/blog/208.html
[运维安全]  SSH暴力破解姿势总结
https://mp.weixin.qq.com/s/Bci16rG7R0wgiRrBO06SuQ
[恶意分析]  浅谈威胁情报应用场景
https://www.anquanke.com/post/id/202426
[编程技术]  爬虫与反爬虫技术分析
https://blog.csdn.net/qq_25834767/article/details/104532493
[漏洞分析]  漏洞分析视角下的CVE-2020-0796漏洞
https://mp.weixin.qq.com/s/Cn0bF7xG6ESCP2iVYiaW2g
[漏洞分析]  smbghost(CVE-2020-0796)漏洞POC汇总及简单分析
https://xz.aliyun.com/t/7440
[运维安全]  零信任实战系列:远程办公实战(视频)
https://mp.weixin.qq.com/s/ujshgJdZzL9E0sDkl5SNJg
[Web安全]  任意文件读取漏洞的曲折历程
https://mp.weixin.qq.com/s/LSE5-RhZcpQ0IGUdTNxmag
[漏洞分析]  An Empirical Study on Benchmarks of Artificial Software Vulnerabilities
https://arxiv.org/pdf/2003.09561.pdf
[数据挖掘]  使用KubeFATE快速部署联邦学习实验开发环境(一)
https://my.oschina.net/u/4238514/blog/3212581
[设备安全]  初探HG110-B家庭网关
https://mp.weixin.qq.com/s/a_uzOzJKna3g27-JxOxj2w
[设备安全]  雷克萨斯汽车安全研究综述报告
https://keenlab.tencent.com/zh/2020/03/30/Tencent-Keen-Security-Lab-Experimental-Security-Assessment-on-Lexus-Cars/
[恶意分析]  2020 Unit 42 IoT威胁报告(汉译版)
https://mp.weixin.qq.com/s/40fgfbuwa2c5jp6e5vbnxQ
[移动安全]  Android Webview Exploited
http://www.nuckingfoob.me/android-webview-csp-iframe-sandbox-bypass/index.html
[漏洞分析]  Imperva WAF Bypass
https://techanarchy.net/blog/imperva-waf-bypass
[Web安全]  Metasploit后渗透模块开发
https://www.cnblogs.com/Kali-Team/p/12589630.html
[论文]  后量子区块链: 抗量子攻击的区块链密码学研究综述(下)
https://mp.weixin.qq.com/s/w8DI6khFFdeXiZlA5C99IA
[运维安全]  通过安全架构提升安全性
https://mp.weixin.qq.com/s/m90wYaEvHzfsdgnFHMGxCw
[恶意分析]  Browser Extension Analysis Framework
http://colin-cowie.com/2020/03/28/Chrome-Extension-Analysis.html
[恶意分析]  Awesome Threat Detection and Hunting library
https://github.com/threat-hunting/awesome_Threat-Hunting
[Web安全]  利用CVE-2020-0796 本地提权
http://www.fr1sh.com/?post=26
[运维安全]  建立安全架构方法的指导框架
https://mp.weixin.qq.com/s/_s3eOdO2AufZtTQdyVK6NA
[杂志]  SecWiki周刊(第317期)
https://www.sec-wiki.com/weekly/317
[工具]  CTF-Tools: 一款Python+Pyqt写的CTF编解码工具
https://github.com/qianxiao996/CTF-Tools
[数据挖掘]  一种工控蜜罐识别与反识别技术研究与应用实践
https://www.freebuf.com/articles/ics-articles/230402.html
[设备安全]  自己动手DIY:编译路由器固件
https://www.freebuf.com/geek/230220.html
[Web安全]  Shellcode编程——编写自己想要功能的Shellcode
https://mp.weixin.qq.com/s/aFO2KJieZQN2rNkcmrj-pQ
[Web安全]  内网免杀抓取windows hash方法
https://mp.weixin.qq.com/s/WLP1soWz-_BEouMxTHLbzg
[Web安全]  WAF攻防实战笔记-提取码: yaki
https://pan.baidu.com/s/1H-sL7ctgGOfj6mSCqFYo8w
[运维安全]  Hunting Tips Mindmap
https://bacde.me/post/hunting-tips-mindmap/
[恶意分析]  Attack matrix for Kubernetes
https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
[Web安全]  默认密码在线查询网站
https://mp.weixin.qq.com/s/diCsSpVCW8SbmKzZFXD6BQ
[Web安全]  提权辅助工具箱
https://mp.weixin.qq.com/s/Z7kh8OVslnppsL9ntNJHGg
[运维安全]  内网、域环境中的一些实用小技巧
https://mp.weixin.qq.com/s/TIPyLjyHzK0TZzrsAFRjVQ
[恶意分析]  Holy water: ongoing targeted water-holing attack in Asia
https://securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/
[数据挖掘]  使用KubeFATE快速部署联邦学习实验开发环境(二)
https://my.oschina.net/u/4238514/blog/3212601
[恶意分析]  Analyzing Shellcodes with Miasm for Fun and Profit
https://www.randhome.io/blog/2020/04/04/analyzing-shellcodes-with-miasm-for-fun-and-profit/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第318期)