SecWiki周刊(第326期)
2020/05/25-2020/05/31
安全资讯
[观点]  美国国防高级研究计划局未来网络安全研发趋势分析
https://mp.weixin.qq.com/s/gWrMODC3Rkznk-swglI0Qw
安全技术
[会议]  DIMVA 2020 论文录用列表
https://mp.weixin.qq.com/s/vdzrImsGD7dnPs0HZNr_SQ
[Web安全]  weblogic t3协议回显穿透nat以及获取内网地址
https://mp.weixin.qq.com/s/cwkZXWCOKYpLDK9o_J_G1w
[Web安全]  sqlmap关于MSSQL执行命令研究
https://mp.weixin.qq.com/s/U1MaRyNJjiX4yxZt1TW4TA
[其它]  微信小程序的渗透五脉
https://www.hackinn.com/index.php/archives/672/
[取证分析]  基于机器学习的GitHub敏感信息泄露监控
https://www.anquanke.com/post/id/205969
[论文]  沈向洋:读论文的三个层次
https://weibo.com/ttarticle/p/show?id=2309404509982170152995
[恶意分析]  闲谈Webshell实战应用
https://www.anquanke.com/post/id/206664
[Web安全]  Apache CommonCollection Gadget几种特殊的玩法
https://mp.weixin.qq.com/s/xwEOpEkPurwP119tonUzVQ
[工具]  DNSLOG平台搭建从0到1
https://mp.weixin.qq.com/s/NL6sHFhOgumQh7oFZNLgYQ
[取证分析]  由喝啤酒引发的军事情报人员信息泄露
https://mp.weixin.qq.com/s/sJyTd50SukIFuVjPSTrFDQ
[运维安全]  零信任解决方案白皮书
https://mp.weixin.qq.com/s/ZkuR5bDGYpXySUcuROcb7Q
[数据挖掘]  全面了解风控数据体系
https://mp.weixin.qq.com/s/PCRzPGGBXG7cJAInylkCRg
[漏洞分析]  “网鼎杯”朱雀之战——魔法房间题解
https://mp.weixin.qq.com/s/4vgBmesl2KICNSoDEep_5Q
[恶意分析]  APT的思考: CMD命令混淆高级对抗
https://mp.weixin.qq.com/s/hJ6gn9EMKNmMOofEg3i6Iw
[Web安全]  一次曲折的渗透测试之旅
https://mp.weixin.qq.com/s/4bFC1GdiRZe9ygazXb1pnA
[设备安全]  S7CommPlus协议研究
https://www.anquanke.com/post/id/206579
[设备安全]  加密固件分析实战
https://www.freebuf.com/articles/terminal/234978.html
[杂志]  SecWiki周刊(第325期)
https://www.sec-wiki.com/weekly/325
[工具]  Look for traces of APT attacks through the ZoomEye history api
https://paper.seebug.org/1220/
[漏洞分析]  Fuzzing战争: 从刀剑弓斧到星球大战
https://mp.weixin.qq.com/s/nREiT1Uj25igCMWu1kta9g
[Web安全]  Moodle DOM Stored XSS to RCE
https://cube01.io/blog/Moodle-DOM-Stored-XSS-to-RCE.html
[运维安全]  全链路自动化监控平台的探索与实践
https://mp.weixin.qq.com/s/j44LMlItuTodfJvL_YGTUA
[恶意分析]  使用 ZoomEye 寻找 APT 攻击的蛛丝马迹
https://paper.seebug.org/1219/
[Web安全]  testing_wave: 被动式web扫描器
https://github.com/guimaizi/testing_wave
[文档]  基于深度学习的恶意流量检测
https://drive.google.com/file/d/14ZeveFdsWkxEA9vAiUSmpPygpcisRGMC/view
[漏洞分析]  Thinkphp5代码执行学习
https://xz.aliyun.com/t/7792
[Web安全]  浅析域渗透中的组策略利用
https://xz.aliyun.com/t/7784
[恶意分析]  基于域名图谱嵌入的恶意域名挖掘
https://mp.weixin.qq.com/s/LeK6QYHwd3k3UlyAuSkcZA
[恶意分析]  从DNS角度看NTP pool服务器的使用
https://blog.netlab.360.com/look-at-ntp-pool-using-dns-data/
[Web安全]  codeql学习——污点分析
https://xz.aliyun.com/t/7789
[漏洞分析]  Magic [probably] behind Hex-Rays
https://engineering.avast.io/magic-probably-behind-hex-rays/
[Web安全]  OXID eShop 6.x below 6.3.4 SQL Injection (SQLi) to RCE Vulnerability Exploit
https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/
[恶意分析]  From Agent.BTZ to ComRAT v4: A ten‑year journey
https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/
-----微信ID:SecWiki-----
SecWiki,8年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第326期)