SecWiki周刊(第391期)
2021/08/23-2021/08/29
安全技术
[Web安全]  Nginx 场景绕过之一: URL white spaces + Gunicorn
https://github.com/CHYbeta/OddProxyDemo/blob/master/nginx/demo1/README.md
[Web安全]  红队资料集锦
https://blog.qwqdanchun.com/archives/414
[恶意分析]  全球高级持续性威胁(APT)2021年中报告
https://ti.qianxin.com/uploads/2021/08/26/67c584e9e1e86a8dc3f40801f05eb981.pdf
[Web安全]  漫谈PHP反汇编器/反编译器
https://mp.weixin.qq.com/s/bmdSyZem46aukj_hvLhu0w
[Web安全]  BloodHound:Six Degrees of Domain Admin
https://github.com/BloodHoundAD/BloodHound
[漏洞分析]  面向开源软件的自动化漏洞数据采集与处理技术研究
https://mp.weixin.qq.com/s/P9zQI7I2obCpov_LMIeKIw
[漏洞分析]  Electron的openExternal可控利用点分析
https://www.anquanke.com/post/id/251224
[Web安全]   The Hacker Recipes 黑客实操笔记
https://www.thehacker.recipes/
[Web安全]  learning-codeql: CodeQL Java 全网最全的中文学习资料
https://github.com/SummerSec/learning-codeql
[漏洞分析]  车机硬件分析与固件提取
https://mp.weixin.qq.com/s/IIqg3ePO6MNY-pxcpGYv1w
[恶意分析]  海量恶意样本下高性能 Yara 检测方案
https://mp.weixin.qq.com/s/vtmrhjXzL3gj8m_1uwgtmw
[恶意分析]  过往可能低估了反射放大 DDoS 的风险
https://mp.weixin.qq.com/s/feav2bcigQScbze4C5psSw
[Web安全]  HybridTestFramewrok: End to End testing of Web, API and Security
https://github.com/dipjyotimetia/HybridTestFramewrok#setup--tools
[Web安全]  [HTB] Admirer Writeup
https://mp.weixin.qq.com/s/8scaoLaiENuL_L5eLM7hYg
[编程技术]  seed-emulator: A Python framework for creating emulation of the Internet.
https://github.com/seed-labs/seed-emulator
[Web安全]  MSSQL数据库注入全方位利用
https://www.anquanke.com/post/id/248896
[Web安全]  说说JAVA反序列化
https://mp.weixin.qq.com/s/t2hMiPg0-qrgGIyysG9e_A
[漏洞分析]  Escape from chrome sandbox to root
https://vul.360.net/archives/217?continueFlag=b9e944728e53a56fa7ff39d24c55dc4a
[数据挖掘]  面向开放域的无监督实体对齐
https://mp.weixin.qq.com/s/gH1VNCUVT5Hd5lGaGvEO2w
[取证分析]  Weaponizing Middleboxes for TCP Reflected Amplification
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/?continueFlag=b9e944728e53a56fa7ff39d24c55dc4a
[漏洞分析]  通过漏洞预测改进漏洞修复决策
https://mp.weixin.qq.com/s/LOBnwPsYMNfLg9nkeeMi-w
[Web安全]  浅谈云上攻防——对象存储服务访问策略评估机制研究
https://mp.weixin.qq.com/s/ncWGrMsIAvh9HEK1QC5IGQ
[杂志]  SecWiki周刊(第390期)
https://www.sec-wiki.com/weekly/390
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第391期)