SecWiki周刊(第332期)
2020/07/06-2020/07/12
安全资讯
安全技术
从剖析cs木马生成到开发免杀工具
https://mp.weixin.qq.com/s/BUp3ignvFJhpm-unStrXig
https://mp.weixin.qq.com/s/BUp3ignvFJhpm-unStrXig
F5 BIGIP RCE(CVE-2020-5902)漏洞检测工具
https://github.com/theLSA/f5-bigip-rce-cve-2020-5902
https://github.com/theLSA/f5-bigip-rce-cve-2020-5902
方舟编译器环境支持的新浪新闻极速版APP分析
https://zhuanlan.zhihu.com/p/154438363
https://zhuanlan.zhihu.com/p/154438363
斗鱼关注人数爬取—字体反爬的攻与防
https://cjting.me/2020/07/01/douyu-crawler-and-font-anti-crawling/
https://cjting.me/2020/07/01/douyu-crawler-and-font-anti-crawling/
如何半天玩转一个“ES未授权利用”插件
https://mp.weixin.qq.com/s/XZA37Cen9PexyPxuuEx1CQ
https://mp.weixin.qq.com/s/XZA37Cen9PexyPxuuEx1CQ
SCTF 2020 WriteUp
https://mp.weixin.qq.com/s/puJPmfKOsfbzV-11ggY75Q
https://mp.weixin.qq.com/s/puJPmfKOsfbzV-11ggY75Q
某加密到牙齿的APP数据加密分析
http://www.h4ck.org.cn/2020/07/%e6%9f%90%e5%8a%a0%e5%af%86%e5%88%b0%e7%89%99%e9%bd%bf%e7%9a%84app%e6%95%b0%e6%8d%ae%e5%8a%a0%e5%af%86%e5%88%86%e6%9e%90/
http://www.h4ck.org.cn/2020/07/%e6%9f%90%e5%8a%a0%e5%af%86%e5%88%b0%e7%89%99%e9%bd%bf%e7%9a%84app%e6%95%b0%e6%8d%ae%e5%8a%a0%e5%af%86%e5%88%86%e6%9e%90/
SecWiki周刊(第331期)
https://www.sec-wiki.com/weekly/331
https://www.sec-wiki.com/weekly/331
ICS-Protocol-identify: 使用nmap的nse脚本对常见工控协议进行识别
https://github.com/hi-KK/ICS-Protocol-identify
https://github.com/hi-KK/ICS-Protocol-identify
2020年中国网络安全产业统计报告
http://www.dwcon.cn/upload/2020%E5%B9%B4%E4%B8%AD%E5%9B%BD%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E4%BA%A7%E4%B8%9A%E7%BB%9F%E8%AE%A1%E6%8A%A5%E5%91%8A.pdf
http://www.dwcon.cn/upload/2020%E5%B9%B4%E4%B8%AD%E5%9B%BD%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E4%BA%A7%E4%B8%9A%E7%BB%9F%E8%AE%A1%E6%8A%A5%E5%91%8A.pdf
Java代码审计
https://xz.aliyun.com/t/7945
https://xz.aliyun.com/t/7945
BERT在美团搜索核心排序的探索和实践
https://mp.weixin.qq.com/s/mFRhp9pJRa9yHwqc98FMbg
https://mp.weixin.qq.com/s/mFRhp9pJRa9yHwqc98FMbg
Java代码执行漏洞中类动态加载的应用
https://mp.weixin.qq.com/s/5iYyRGnlOEEIJmW1DqAeXw
https://mp.weixin.qq.com/s/5iYyRGnlOEEIJmW1DqAeXw
从沙盒逃逸看Python黑科技(上篇)
https://mp.weixin.qq.com/s/f5Ra8BtCyEoJmH0gwuvGXg
https://mp.weixin.qq.com/s/f5Ra8BtCyEoJmH0gwuvGXg
我所认知的甲方信息安全建设经验
https://mp.weixin.qq.com/s/0Uu_os9MB5ZHnowlWkYbEA
https://mp.weixin.qq.com/s/0Uu_os9MB5ZHnowlWkYbEA
红队攻防系列之花式鱼竿钓鱼篇
https://xz.aliyun.com/t/7958
https://xz.aliyun.com/t/7958
DevSecOps在携程的最佳实践
https://mp.weixin.qq.com/s/yOykOPU9wn77doz95s5LeA
https://mp.weixin.qq.com/s/yOykOPU9wn77doz95s5LeA
企业级开源风险及治理模式研究
https://mp.weixin.qq.com/s/hUML8M4gjjpXiimQNNpw-w
https://mp.weixin.qq.com/s/hUML8M4gjjpXiimQNNpw-w
内网渗透之应用层隧道技术
https://xz.aliyun.com/t/7956
https://xz.aliyun.com/t/7956
Security Detections on Windows Events with Recurrent Neural Networks
https://medium.com/@ditrizna/security-detections-on-windows-events-with-recurrent-neural-networks-346d0b2738fe
https://medium.com/@ditrizna/security-detections-on-windows-events-with-recurrent-neural-networks-346d0b2738fe
基于类型状态导向的Use-after-Free漏洞模糊测试技术
https://mp.weixin.qq.com/s/RE19ba-BnQsZRST338lJHA
https://mp.weixin.qq.com/s/RE19ba-BnQsZRST338lJHA
对《数据安全法》的理解和认识—数据分级分类
https://mp.weixin.qq.com/s/iZGNGKG1Q36XaFVu0g_lHw
https://mp.weixin.qq.com/s/iZGNGKG1Q36XaFVu0g_lHw
对《数据安全法》的理解和认识—立法思路
https://mp.weixin.qq.com/s/N239WbL9sBQmqPUt5aXp6Q
https://mp.weixin.qq.com/s/N239WbL9sBQmqPUt5aXp6Q
嵌入式浏览器安全杂谈-electron框架
https://mp.weixin.qq.com/s/J6eqcPPRp7wn06YQhue_Ug
https://mp.weixin.qq.com/s/J6eqcPPRp7wn06YQhue_Ug
从沙盒逃逸看Python黑科技(下篇)
https://mp.weixin.qq.com/s/zSz4RZ8sfKERSroAUx1X0g
https://mp.weixin.qq.com/s/zSz4RZ8sfKERSroAUx1X0g
Yet Another Froala 0-Day XSS
https://blog.compass-security.com/2020/07/yet-another-froala-0-day-xss/
https://blog.compass-security.com/2020/07/yet-another-froala-0-day-xss/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第332期)
