SecWiki周刊(第324期)
2020/05/11-2020/05/17
安全资讯
[Web安全]  2020年第17届全国大学生信息安全与对抗技术竞赛通知(ISCC2020)
https://www.secpulse.com/archives/129104.html
安全技术
[运维安全]  年度大型攻防实战全景:红蓝深度思考及多方联合推演
https://mp.weixin.qq.com/s/GVIUbtMTynfF5ALDbhXirg
[取证分析]  HFish蜜罐使用心得
https://www.freebuf.com/vuls/220646.html
[漏洞分析]  6,000+ HackerOne Disclosed Reports
http://sec.eddyproject.com/6000-hackerone-disclosed-reports/
[漏洞分析]  Double-Free BUG in WhatsApp exploit poc.[CVE-2020-11932]
https://github.com/ProjectorBUg/CVE-2020-11932
[漏洞分析]  Hyper-V internals researches (2006-2019)
https://github.com/gerhart01/Hyper-V-Internals/blob/master/HyperResearchesHistory.md
[漏洞分析]  从0学习WebLogic CVE-2020-2551漏洞
https://xz.aliyun.com/t/7725
[Web安全]  $20000 Facebook DOM XSS
https://vinothkumar.me/20000-facebook-dom-xss/
[漏洞分析]  From a naive-looking PDF Download to SSRF via HTML Injection in AWS
https://blog.appsecco.com/server-side-request-forgery-via-html-injection-in-pdf-download-90ee4053e911
[Web安全]  开发扫描器挖掘反射型XSS (一)
https://mp.weixin.qq.com/s/T2ULAKKGmRup6FFM8-vgSg
[杂志]  SecWiki周刊(第323期)
https://www.sec-wiki.com/weekly/323
[Web安全]  域控提权合集
https://xz.aliyun.com/t/7726
[漏洞分析]  Analyzing Encrypted RDP Connections
https://corelight.blog/2020/05/13/analyzing-encrypted-rdp-connections/
[Web安全]  Python沙箱逃逸姿势总结
https://www.anquanke.com/post/id/205157
[取证分析]  从STIX2.1看安全智能归来
https://mp.weixin.qq.com/s/nYV3S2oYNNnKcpvNAG751w
[Web安全]  中通RASP安全防护方案初探
https://mp.weixin.qq.com/s/33CtW9ErXCDWoCJRFzlVPQ
[数据挖掘]  复杂风控场景下,如何打造一款高效的规则引擎
https://tech.meituan.com/2020/05/14/meituan-security-zeus.html
[论文]  大数据环境下安全情报融合体系构建
https://mp.weixin.qq.com/s/bjqv8zlSEl7waKHxBNIwyA
[工具]  Hijacking Library Functions and Injecting Code Using the Dynamic Linker
https://sumit-ghosh.com/articles/hijacking-library-functions-code-injection-ld-preload/
[恶意分析]  针对南亚政府和军事组织的 BackConfig 恶意软件
https://paper.seebug.org/1202/
[Web安全]  Don’t Force Yourself to Become a Bug Bounty Hunter
https://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunter/
[其它]  Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps
https://securitygossip.com/blog/2020/04/14/automatic-uncovering-of-hidden-behaviors-from-input-validation-in-mobile-apps/
[比赛]  虎符杯两道NodeJS题目的分析
https://xz.aliyun.com/t/7714
[Web安全]  内网渗透:使用ew实现socks代理
https://www.freebuf.com/sectool/234254.html
[恶意分析]  基于深度学习的物联网恶意软件家族细粒度分类研究
https://mp.weixin.qq.com/s/we1fr4_BKd7n-zVWzSRygg
[Web安全]  IIS Raid:使用本地模块构建的IIS后门
https://www.freebuf.com/sectool/231973.html
[移动安全]  An Observational Investigation of Reverse Engineers’ Processes
https://securitygossip.com/blog/2020/04/28/an-observational-investigation-of-reverse-engineers-processes/
-----微信ID:SecWiki-----
SecWiki,8年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第324期)