SecWiki周刊(第394期)
2021/09/13-2021/09/19
安全技术
利用 WebSocket 判断是否使用了代理
https://blog.xlab.app/p/f7c5c068/
https://blog.xlab.app/p/f7c5c068/
检测浏览器是否存在代理
https://github.com/ttttmr/checkproxy
https://github.com/ttttmr/checkproxy
goblin: 一款适用于红蓝对抗中的仿真钓鱼系统
https://github.com/xiecat/goblin
https://github.com/xiecat/goblin
fapro: 协议模拟服务器
https://github.com/fofapro/fapro
https://github.com/fofapro/fapro
终端溯源数据中的依赖爆炸问题
https://mp.weixin.qq.com/s/xp9558ezOZELHSJUS5ar3Q
https://mp.weixin.qq.com/s/xp9558ezOZELHSJUS5ar3Q
Hachi: This tool maps a file's behavior on MITRE ATT&CK matrix.
https://github.com/Kart1keya/Hachi
https://github.com/Kart1keya/Hachi
Web应用组件自动化发现的探索
https://mp.weixin.qq.com/s/6xFYQ3D45VpTT3n_qgRing
https://mp.weixin.qq.com/s/6xFYQ3D45VpTT3n_qgRing
注入攻击新方式:通过DNS隧道传输恶意载荷
https://mp.weixin.qq.com/s/gyRxwCkeLlSRbbuPV4xziw
https://mp.weixin.qq.com/s/gyRxwCkeLlSRbbuPV4xziw
RASP关键技术与相关产品调研
https://mp.weixin.qq.com/s/juEPju1Qx7Wdt0akDz9BsA
https://mp.weixin.qq.com/s/juEPju1Qx7Wdt0akDz9BsA
攻击推理-安全知识图谱应用的困境思考
https://mp.weixin.qq.com/s/DOfrD7SGpoXP--zZPzf5bg
https://mp.weixin.qq.com/s/DOfrD7SGpoXP--zZPzf5bg
URL FIlter 绕过 - Python 之 Django
https://github.com/CHYbeta/URLFilterBypassDemo/tree/master/python/django_demo
https://github.com/CHYbeta/URLFilterBypassDemo/tree/master/python/django_demo
VaultFuzzer: 针对Linux内核的状态导向模糊测试方案
https://mp.weixin.qq.com/s/ZevJBJjANmBLPCG0RyC3eg
https://mp.weixin.qq.com/s/ZevJBJjANmBLPCG0RyC3eg
网络空间资产安全管理实践与创新
https://mp.weixin.qq.com/s/3NWI-_qJZfTuqvFl3d2SAQ
https://mp.weixin.qq.com/s/3NWI-_qJZfTuqvFl3d2SAQ
Squid 场景绕过之一: URN bypass ACL
https://github.com/CHYbeta/OddProxyDemo/tree/master/squid/demo1
https://github.com/CHYbeta/OddProxyDemo/tree/master/squid/demo1
[HTB] Laboratory Writeup
https://mp.weixin.qq.com/s/JogpD-YDJr_By3_z7X0rxA
https://mp.weixin.qq.com/s/JogpD-YDJr_By3_z7X0rxA
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第394期)
