SecWiki周刊(第323期)
2020/05/04-2020/05/10
安全技术
De1CTF2020-WriteUp上(Web、Misc、Pwn)
https://mp.weixin.qq.com/s/1CR0up_b5a1zw02wZNwJpg
https://mp.weixin.qq.com/s/1CR0up_b5a1zw02wZNwJpg
从 SQL 到 RCE 利用 SessionState 反序列化攻击 ASP.NET 网站应用程式
https://paper.seebug.org/1186/
https://paper.seebug.org/1186/
Fastjson 反序列化漏洞史
https://paper.seebug.org/1192/
https://paper.seebug.org/1192/
De1CTF2020-WriteUp下(Crypto、Reverse)
https://mp.weixin.qq.com/s/KKkxUb_rUEi7Pxj0Qj5Odw
https://mp.weixin.qq.com/s/KKkxUb_rUEi7Pxj0Qj5Odw
用SASE加速零信任网络交付
https://mp.weixin.qq.com/s/OjHgQGrJWfueu4AfxES9Hg
https://mp.weixin.qq.com/s/OjHgQGrJWfueu4AfxES9Hg
新一代SIEM与SOAR的技术对比
https://mp.weixin.qq.com/s/mfNRbDXIg5_1jSKHbceHCA
https://mp.weixin.qq.com/s/mfNRbDXIg5_1jSKHbceHCA
Understanding E-commerce Fraud from Autonomous Chat
https://mp.weixin.qq.com/s/uzGQxgfaUufsDSvcYIIYig
https://mp.weixin.qq.com/s/uzGQxgfaUufsDSvcYIIYig
Java 反序列化系列 ysoserial Groovy 1
https://paper.seebug.org/1171/
https://paper.seebug.org/1171/
物联网场景下的白盒加密技术
https://mp.weixin.qq.com/s/y8FNDtuJIIiYmZDLTxuL_g
https://mp.weixin.qq.com/s/y8FNDtuJIIiYmZDLTxuL_g
技术人的修炼之道:从业余到专业
https://mp.weixin.qq.com/s/gBgFyy4MMrF5vn-8NGEVQw
https://mp.weixin.qq.com/s/gBgFyy4MMrF5vn-8NGEVQw
Tide-Mars:资产管理与威胁监测平台开源版本
https://mp.weixin.qq.com/s/-7V14Rpu2KU5HUsa0p025g
https://mp.weixin.qq.com/s/-7V14Rpu2KU5HUsa0p025g
JAVA RMI反序列化知识详解
https://mp.weixin.qq.com/s/bC71HoEtDAKKbHJvStu9qA
https://mp.weixin.qq.com/s/bC71HoEtDAKKbHJvStu9qA
linux后渗透之收集登录凭证
https://xz.aliyun.com/t/7698
https://xz.aliyun.com/t/7698
Decrypting and analyzing HTTPS traffic without MITM
https://blog.silentsignal.eu/2020/05/04/decrypting-and-analyzing-https-traffic-without-mitm/
https://blog.silentsignal.eu/2020/05/04/decrypting-and-analyzing-https-traffic-without-mitm/
WEBPWN入门级调试讲解
https://www.anquanke.com/post/id/204404
https://www.anquanke.com/post/id/204404
数字中国创新大赛-虎符网络安全赛道Write up
https://mp.weixin.qq.com/s/ih2X8IXVFmrMVwJYuf5gng
https://mp.weixin.qq.com/s/ih2X8IXVFmrMVwJYuf5gng
SecWiki周刊(第322期)
https://www.sec-wiki.com/weekly/322
https://www.sec-wiki.com/weekly/322
内网渗透:流量转发场景测试
https://www.anquanke.com/post/id/204347
https://www.anquanke.com/post/id/204347
Android's May 2020 Patches Fix Critical System Vulnerability
https://www.securityweek.com/androids-may-2020-patches-fix-critical-system-vulnerability
https://www.securityweek.com/androids-may-2020-patches-fix-critical-system-vulnerability
Deconstructing the Dukes: A Researcher's Retrospective of APT29
https://blog.f-secure.com/podcast-dukes-apt29/
https://blog.f-secure.com/podcast-dukes-apt29/
从乌克兰电网事件看工控安全态势
https://www.freebuf.com/articles/ics-articles/233680.html
https://www.freebuf.com/articles/ics-articles/233680.html
Windows exploitation
https://fullpwnops.com/windows-exploitation-pathway.html
https://fullpwnops.com/windows-exploitation-pathway.html
The Dacls RAT now on macOS!
https://objective-see.com/blog/blog_0x57.html
https://objective-see.com/blog/blog_0x57.html
Schnelder - NetBotz Firmware 固件分析
https://paper.seebug.org/1170/
https://paper.seebug.org/1170/
浏览器中隐蔽数据传输通道-DNS隧道
https://mp.weixin.qq.com/s/u5HV7umrZABcgVpZ5pn6WQ
https://mp.weixin.qq.com/s/u5HV7umrZABcgVpZ5pn6WQ
对缓存投毒的学习总结
https://xz.aliyun.com/t/7696
https://xz.aliyun.com/t/7696
Bugs on the Windshield: Fuzzing the Windows Kernel
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/
DOM XSS in Gmail with a little help from Chrome
https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/
https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第323期)
