SecWiki周刊(第319期)
2020/04/06-2020/04/12
安全技术
记一次360众测仿真实战靶场考核WP
https://xz.aliyun.com/t/7547
https://xz.aliyun.com/t/7547
工具推荐系列 - PESecurity编译选项安全检测
https://mp.weixin.qq.com/s/9feawxqHRQHUazF-oX6VOQ
https://mp.weixin.qq.com/s/9feawxqHRQHUazF-oX6VOQ
Interpretable Machine Learning: A Guide for Making Black Box Models Explainable
https://christophm.github.io/interpretable-ml-book/
https://christophm.github.io/interpretable-ml-book/
Fuzzowski:一款功能强大的网络协议模糊测试工具
https://www.freebuf.com/sectool/227869.html
https://www.freebuf.com/sectool/227869.html
大型互联网应用安全SDL体系建设实践
https://mp.weixin.qq.com/s/STBzFf-NtfbDEA5s9RBdaw
https://mp.weixin.qq.com/s/STBzFf-NtfbDEA5s9RBdaw
Exploiting CVE-2020-0041 - Part 2: Escalating to root
https://labs.bluefrostsecurity.de/blog/2020/04/08/cve-2020-0041-part-2-escalating-to-root/
https://labs.bluefrostsecurity.de/blog/2020/04/08/cve-2020-0041-part-2-escalating-to-root/
零信任架构实战系列:干掉密码,无密码化方案落地
https://mp.weixin.qq.com/s/xs-xybNs6Ha6_-Qr_EE-qw
https://mp.weixin.qq.com/s/xs-xybNs6Ha6_-Qr_EE-qw
Donot team 组织(APT-C-35)移动端攻击活动分析
https://mp.weixin.qq.com/s/3j5yh8R1D8r9AxKV2qSMKA
https://mp.weixin.qq.com/s/3j5yh8R1D8r9AxKV2qSMKA
ATT&CK矩阵Linux系统安全实践
https://www.freebuf.com/articles/es/231784.html
https://www.freebuf.com/articles/es/231784.html
一文掌握CTF中Python全部考点
https://mp.weixin.qq.com/s/Lj4nCz0hag-AKQF_s79fQw
https://mp.weixin.qq.com/s/Lj4nCz0hag-AKQF_s79fQw
Exploiting CVE-2020-0041 - Part 1: Escaping the Chrome Sandbox
https://labs.bluefrostsecurity.de/blog/2020/03/31/cve-2020-0041-part-1-sandbox-escape/
https://labs.bluefrostsecurity.de/blog/2020/03/31/cve-2020-0041-part-1-sandbox-escape/
Shadowsocks—基于二次混淆加密传输的数据保密性原理分析
https://mp.weixin.qq.com/s/OPpAjg8GazuicnjmME3P6A
https://mp.weixin.qq.com/s/OPpAjg8GazuicnjmME3P6A
“震网”三代和二代漏洞技术分析报告
https://mp.weixin.qq.com/s/qc25c_nuUax6UoknAVLrAw
https://mp.weixin.qq.com/s/qc25c_nuUax6UoknAVLrAw
Badusb 攻击之MacOSX系统实战
https://bacde.me/post/Badusb-Attack-On-Mac-OSX/
https://bacde.me/post/Badusb-Attack-On-Mac-OSX/
2019年度IoT高级威胁研究笔记分享
https://docs.google.com/spreadsheets/d/1UMBFtWxfc40TAF4AIXkPZYBD8uBE6xP2HVs9dRHlTF8/edit#gid=0
https://docs.google.com/spreadsheets/d/1UMBFtWxfc40TAF4AIXkPZYBD8uBE6xP2HVs9dRHlTF8/edit#gid=0
Wazuh:如何对异构数据进行关联告警
https://www.freebuf.com/sectool/230505.html
https://www.freebuf.com/sectool/230505.html
对某大型企业的一次web漏洞挖掘过程
https://mp.weixin.qq.com/s/GuJgbLfJobTcJ2FMii3IzA
https://mp.weixin.qq.com/s/GuJgbLfJobTcJ2FMii3IzA
Midnight Sun CTF 2020 WriteUp
https://mp.weixin.qq.com/s/KF0vLJdRAzcgqMaI1izwUA
https://mp.weixin.qq.com/s/KF0vLJdRAzcgqMaI1izwUA
SecWiki周刊(第318期)
https://www.sec-wiki.com/weekly/318
https://www.sec-wiki.com/weekly/318
iOS exploit chain deploys “LightSpy” feature-rich malware
https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/
https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/
CATBERT — Detecting malicious emails with a bleeding-edge neural language model
https://medium.com/@sophos.ai/detecting-malicious-emails-with-a-bleeding-edge-neural-language-model-355b366d8940
https://medium.com/@sophos.ai/detecting-malicious-emails-with-a-bleeding-edge-neural-language-model-355b366d8940
工具推荐系列 - sigcheck文件签名检测
https://mp.weixin.qq.com/s/4oFtOAT-mRYrOuxBIe4XLA
https://mp.weixin.qq.com/s/4oFtOAT-mRYrOuxBIe4XLA
记一次编写安全资产管理平台
https://www.freebuf.com/sectool/231097.html
https://www.freebuf.com/sectool/231097.html
DDG的新征程——自研P2P协议构建混合P2P网络
https://blog.netlab.360.com/ddg-upgrade-to-new-p2p-hybrid-model/
https://blog.netlab.360.com/ddg-upgrade-to-new-p2p-hybrid-model/
TianFu Cup 2019: Adobe Reader Exploitation
https://starlabs.sg/blog/2020/04/tianfu-cup-2019-adobe-reader-exploitation/
https://starlabs.sg/blog/2020/04/tianfu-cup-2019-adobe-reader-exploitation/
QQ二维码登陆机制分析+双重SSRF钓鱼利用
https://www.freebuf.com/vuls/229694.html
https://www.freebuf.com/vuls/229694.html
关于Adobe PDF 0day的故事
https://mp.weixin.qq.com/s/fx8MQ8ZMhZHwrruigLFbGA
https://mp.weixin.qq.com/s/fx8MQ8ZMhZHwrruigLFbGA
Attacks Simultaneously Exploiting Vulnerability in IE and Firefox
https://blogs.jpcert.or.jp/en/2020/04/ie-firefox-0day.html
https://blogs.jpcert.or.jp/en/2020/04/ie-firefox-0day.html
从0到1认识DNS重绑定攻击
https://xz.aliyun.com/t/7495
https://xz.aliyun.com/t/7495
Bug bounty cheatsheet(Google Doc)
https://docs.google.com/document/d/1MmnlU-L5q9R55Faq9Arvqe8PPYaPAgr7n-1HL3tbBjo/edit
https://docs.google.com/document/d/1MmnlU-L5q9R55Faq9Arvqe8PPYaPAgr7n-1HL3tbBjo/edit
内网渗透-windows持久性后门
https://mp.weixin.qq.com/s/iFzYsWiWneAE_zGGZo7Miw
https://mp.weixin.qq.com/s/iFzYsWiWneAE_zGGZo7Miw
六种bypass安全软件防护执行的方式
https://mp.weixin.qq.com/s/sfxJbyJMB6FyGfa6H0G3hA
https://mp.weixin.qq.com/s/sfxJbyJMB6FyGfa6H0G3hA
针对某国际信息通信公司从前期探测到内网提权的一次成功漏洞测试
https://www.freebuf.com/vuls/230441.html
https://www.freebuf.com/vuls/230441.html
工具推荐系列 - Genymotion模拟器ARM转换
https://mp.weixin.qq.com/s/9F2mEKSMIb7X3Jnj0g9kJA
https://mp.weixin.qq.com/s/9F2mEKSMIb7X3Jnj0g9kJA
awesome-web-security: List of Web Security materials and resources
https://github.com/qazbnm456/awesome-web-security
https://github.com/qazbnm456/awesome-web-security
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第319期)
