SecWiki周刊(第358期)
2021/01/04-2021/01/10
安全技术
通过 ATT&CK 归因攻击
https://mp.weixin.qq.com/s/NSAURU3qpYhhKs8Q8AdBag
https://mp.weixin.qq.com/s/NSAURU3qpYhhKs8Q8AdBag
疑似 APT35 与响尾蛇组织使用的域名被披露
https://mp.weixin.qq.com/s/BNVsnlXYtaZ9_Pk_oKgZRg
https://mp.weixin.qq.com/s/BNVsnlXYtaZ9_Pk_oKgZRg
隐秘的角落 -- JDK CORBA 安全性研究(下)
https://paper.seebug.org/1446/
https://paper.seebug.org/1446/
Kubernetes中使用Helm2的安全风险
http://rui0.cn/archives/1573
http://rui0.cn/archives/1573
隐秘的角落 -- JDK CORBA 安全性研究(上)
https://paper.seebug.org/1445/
https://paper.seebug.org/1445/
对 SolarWinds 事件更深的思考:如何防御供应链攻击
https://mp.weixin.qq.com/s/GdER32Z7K86boHVc-Kic3g
https://mp.weixin.qq.com/s/GdER32Z7K86boHVc-Kic3g
mmpi: 邮件快速检测库
https://github.com/a232319779/mmpi
https://github.com/a232319779/mmpi
美国国家网络靶场系统架构与设计原理剖析①总论
https://mp.weixin.qq.com/s/8yz12RyCyNXGhcAVFZX60g
https://mp.weixin.qq.com/s/8yz12RyCyNXGhcAVFZX60g
欧盟人工智能的网络安全挑战:人工智能威胁图谱
https://mp.weixin.qq.com/s/4qbCusJde_z0AM1eDC4YiA
https://mp.weixin.qq.com/s/4qbCusJde_z0AM1eDC4YiA
2020年下半年全球网络恐怖主义态势分析
https://mp.weixin.qq.com/s/Us54DtL99pdCRErJWvsM8w
https://mp.weixin.qq.com/s/Us54DtL99pdCRErJWvsM8w
一个普通网安从业人员的2020
https://mp.weixin.qq.com/s/PYCIMOk8_wUg7eLFEVOoUQ
https://mp.weixin.qq.com/s/PYCIMOk8_wUg7eLFEVOoUQ
浅析开源蜜罐识别与全网测绘
https://mp.weixin.qq.com/s/hq-z2HBGz3nehnCVg_H-RQ
https://mp.weixin.qq.com/s/hq-z2HBGz3nehnCVg_H-RQ
Deep X-Ray: 一种机器学习驱动的WAF规则窃取器
https://data.hackinn.com/ppt/CIS2020/%E4%B8%BB%E8%AE%BA%E5%9D%9B/Deep%20X-Ray-%20%E4%B8%80%E7%A7%8D%E6%9C%BA%E5%99%A8%E5%AD%A6%E4%B9%A0%E9%A9%B1%E5%8A%A8%E7%9A%84WAF%E8%A7%84%E5%88%99%E7%AA%83%E5%8F%96%E5%99%A8.pdf
https://data.hackinn.com/ppt/CIS2020/%E4%B8%BB%E8%AE%BA%E5%9D%9B/Deep%20X-Ray-%20%E4%B8%80%E7%A7%8D%E6%9C%BA%E5%99%A8%E5%AD%A6%E4%B9%A0%E9%A9%B1%E5%8A%A8%E7%9A%84WAF%E8%A7%84%E5%88%99%E7%AA%83%E5%8F%96%E5%99%A8.pdf
ATT&CK 2020更新指南
https://mp.weixin.qq.com/s/cPiVersg8VyK4fBTK8W1Ag
https://mp.weixin.qq.com/s/cPiVersg8VyK4fBTK8W1Ag
实时态势数据驱动的平行仿真推演方法
https://zhuanlan.zhihu.com/p/163628289
https://zhuanlan.zhihu.com/p/163628289
How to Look for Ideas in Computer Science Research
https://zhiyunq.medium.com/how-to-look-for-ideas-in-computer-science-research-7a3fa6f4696f
https://zhiyunq.medium.com/how-to-look-for-ideas-in-computer-science-research-7a3fa6f4696f
基于异构图卷积网络的网络威胁情报建模
https://mp.weixin.qq.com/s/TszbHM__hpYvdHsCoMmkUQ
https://mp.weixin.qq.com/s/TszbHM__hpYvdHsCoMmkUQ
红队视角看Sunburst后门中的TTPs
https://mp.weixin.qq.com/s/wtEbawfOd1g_T2ovp1SaGg
https://mp.weixin.qq.com/s/wtEbawfOd1g_T2ovp1SaGg
使用自己的代码查找漏洞:检测功能相似但不一致的代码
https://mp.weixin.qq.com/s/ELbtEhd1wedkEqhboPpLuQ
https://mp.weixin.qq.com/s/ELbtEhd1wedkEqhboPpLuQ
SecWiki周刊(第357期)
https://www.sec-wiki.com/weekly/357
https://www.sec-wiki.com/weekly/357
基于语义token分析的克隆代码检测系统
https://mp.weixin.qq.com/s/e_NvzMbOqDspns3VLXBjYw
https://mp.weixin.qq.com/s/e_NvzMbOqDspns3VLXBjYw
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第358期)
