SecWiki周刊(第374期)
2021/04/26-2021/05/02
安全资讯
关基运营者应采取反间谍技术安全防范措施
https://mp.weixin.qq.com/s/wcAg8yVVjSpE98H4L942nw
https://mp.weixin.qq.com/s/wcAg8yVVjSpE98H4L942nw
安全技术
[HTB] Nibbles Writeup
https://mp.weixin.qq.com/s/3mJTvTG7wrY2CaHymvsK8A
https://mp.weixin.qq.com/s/3mJTvTG7wrY2CaHymvsK8A
Viper: 图形化内网渗透工具
https://github.com/FunnyWolf/Viper
https://github.com/FunnyWolf/Viper
Apache Druid CVE-2021-26919 漏洞分析
http://m0d9.me/2021/04/21/Apache-Druid-CVE-2021-26919-%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
http://m0d9.me/2021/04/21/Apache-Druid-CVE-2021-26919-%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
由高频护网设备漏洞引发的供应链浅思
https://paper.seebug.org/1562/
https://paper.seebug.org/1562/
基于Flink实现实时冰蝎(Behinder)流量检测
https://github.com/xing-xiao/Maneo-Detect-Behinder
https://github.com/xing-xiao/Maneo-Detect-Behinder
CyberBox: Java Exp FrameWork
https://github.com/0linlin0/CyberBox
https://github.com/0linlin0/CyberBox
前端安全—你必须要注意的依赖安全漏洞
https://mp.weixin.qq.com/s/kCqD0ikh9h5xc42sKkESVA
https://mp.weixin.qq.com/s/kCqD0ikh9h5xc42sKkESVA
NodeJS从零开始到原型链污染
https://www.anquanke.com/post/id/236182
https://www.anquanke.com/post/id/236182
通过DNS协议探测Cobalt Strike服务器
https://mp.weixin.qq.com/s/peIpPJLt4NuJI1a31S_qbQ
https://mp.weixin.qq.com/s/peIpPJLt4NuJI1a31S_qbQ
Fuzzingbook学习指南 Lv1
https://www.anquanke.com/post/id/238224
https://www.anquanke.com/post/id/238224
高版本JDK下的Jolokia Realm JNDI RCE小记
https://mp.weixin.qq.com/s/Z3qP6xW504tuIQ5CJdDSPQ
https://mp.weixin.qq.com/s/Z3qP6xW504tuIQ5CJdDSPQ
不确定性知识图谱的表示和推理
https://zhuanlan.zhihu.com/p/369068016
https://zhuanlan.zhihu.com/p/369068016
做为攻击者那些年的一些想法
https://mp.weixin.qq.com/s/TtV01MA2C6ZJQG5wtFOSBg
https://mp.weixin.qq.com/s/TtV01MA2C6ZJQG5wtFOSBg
Cyber Apocalypse 2021 Web Artillery WriteUP
https://bacde.me/post/Cyber-Apocalypse-2021-Web-Artillery-WriteUP/
https://bacde.me/post/Cyber-Apocalypse-2021-Web-Artillery-WriteUP/
MITRE ATT&CK 第三轮评估结果发布
https://mp.weixin.qq.com/s/NIEmBd62-iWcP7DSV6aR4w
https://mp.weixin.qq.com/s/NIEmBd62-iWcP7DSV6aR4w
多平台的敏感信息监测工具-GShark
https://paper.seebug.org/1560/
https://paper.seebug.org/1560/
初探二进制分析框架qiling
https://www.sec-in.com/article/1044
https://www.sec-in.com/article/1044
graph4code: 基于图数据库的软件漏洞解析方法
https://github.com/Ramos-dev/graph4code
https://github.com/Ramos-dev/graph4code
Supply chain attack on the password manager Clickstudios
https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/
https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/
工作中常用的相似度算法以及特征提取算法
https://mp.weixin.qq.com/s/vUS553WX8pFIiWoqhkFNlg
https://mp.weixin.qq.com/s/vUS553WX8pFIiWoqhkFNlg
Empire的基本使用和域渗透
https://www.anquanke.com/post/id/236174
https://www.anquanke.com/post/id/236174
企业安全建设 - 软件供应链
https://0x0d.im/archives/1107.html
https://0x0d.im/archives/1107.html
云安全架构连载之三-超大型企业混合云安全架构最佳实践
https://mp.weixin.qq.com/s/xkeNxE99ORtVs9EOv0ellQ
https://mp.weixin.qq.com/s/xkeNxE99ORtVs9EOv0ellQ
网络武器解构:攻击性网络能力的两大市场空间和五大支柱(下)
https://mp.weixin.qq.com/s/O3jFdy4AbFvTkzQI2nfZ_Q
https://mp.weixin.qq.com/s/O3jFdy4AbFvTkzQI2nfZ_Q
网络武器解构:攻击性网络能力的两大市场空间和五大支柱(上)
https://mp.weixin.qq.com/s/_nl4X4Kcv4yOQ0c6qz8wlQ
https://mp.weixin.qq.com/s/_nl4X4Kcv4yOQ0c6qz8wlQ
Eight Short Links of Recent Cyber Security Data Science Papers
http://www.covert.io/eight-short-links-on-recent-cyber-data-science-papers/
http://www.covert.io/eight-short-links-on-recent-cyber-data-science-papers/
SecWiki周刊(第373期)
https://www.sec-wiki.com/weekly/373
https://www.sec-wiki.com/weekly/373
拿下靶机HacksudoAliens
https://www.sec-in.com/article/1029
https://www.sec-in.com/article/1029
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第374期)
