SecWiki周刊(第405期)
2021/11/29-2021/12/05
安全资讯
十四五”软件和信息技术服务业发展规划
https://mp.weixin.qq.com/s/6nJ7tpo5qu8zVI8nYDQAnA
https://mp.weixin.qq.com/s/6nJ7tpo5qu8zVI8nYDQAnA
安全技术
DotNet内存马-HttpListener
https://mp.weixin.qq.com/s/zsPPkhCZ8mhiFZ8sAohw6w
https://mp.weixin.qq.com/s/zsPPkhCZ8mhiFZ8sAohw6w
Apache Storm 漏洞分析
http://noahblog.360.cn/apache-storm-vulnerability-analysis/
http://noahblog.360.cn/apache-storm-vulnerability-analysis/
基于多模态学习的视觉实体链接
https://mp.weixin.qq.com/s/wX4g3o7vdz2NJ18TKIUkqA
https://mp.weixin.qq.com/s/wX4g3o7vdz2NJ18TKIUkqA
Serverless 扫描技术研究及应用
https://paper.seebug.org/1776/
https://paper.seebug.org/1776/
数据中心智能安全运营体系建设探索与实践
https://mp.weixin.qq.com/s/omM1xphG_ie9GDjsu34s3w
https://mp.weixin.qq.com/s/omM1xphG_ie9GDjsu34s3w
从研究工控设备到发现供应链威胁
https://mp.weixin.qq.com/s/-ihOJFNP5OaTy6BNr2uxrA
https://mp.weixin.qq.com/s/-ihOJFNP5OaTy6BNr2uxrA
关于金融科技安全的认识与思考
https://mp.weixin.qq.com/s/n63l4LOiViv5p9I2ELI2gg
https://mp.weixin.qq.com/s/n63l4LOiViv5p9I2ELI2gg
xray 终极反制实践
https://koalr.me/posts/core-concept-of-yarx/
https://koalr.me/posts/core-concept-of-yarx/
安卓 APT 间谍软件 GnatSpy 分析
https://paper.seebug.org/1771/
https://paper.seebug.org/1771/
henggeFish: 自动化批量发送钓鱼邮件
https://github.com/SkewwG/henggeFish
https://github.com/SkewwG/henggeFish
CVE-2021-22205 GitLab RCE之未授权访问深入分析(一)
http://blog.topsec.com.cn/cve-2021-22205-gitlab-rce%e4%b9%8b%e6%9c%aa%e6%8e%88%e6%9d%83%e8%ae%bf%e9%97%ae%e6%b7%b1%e5%85%a5%e5%88%86%e6%9e%90%e4%b8%80/
http://blog.topsec.com.cn/cve-2021-22205-gitlab-rce%e4%b9%8b%e6%9c%aa%e6%8e%88%e6%9d%83%e8%ae%bf%e9%97%ae%e6%b7%b1%e5%85%a5%e5%88%86%e6%9e%90%e4%b8%80/
记一次完成的钓鱼实战
https://www.sec-in.com/article/1135
https://www.sec-in.com/article/1135
模式识别,从初级感知到高级认知
https://posts.careerengine.us/p/61a0a70487c0de3490d379b7
https://posts.careerengine.us/p/61a0a70487c0de3490d379b7
基于半结构化百科的电影KG构建、查询与推理实践记录
https://mp.weixin.qq.com/s/9bc8b-VtlW0seKgloLEvRQ
https://mp.weixin.qq.com/s/9bc8b-VtlW0seKgloLEvRQ
从BeaconEye说起,围绕CS内存特征的检测与规避
https://mp.weixin.qq.com/s/m1qOrRBrLAuRYu-eJQ_oOg
https://mp.weixin.qq.com/s/m1qOrRBrLAuRYu-eJQ_oOg
causal-learn:基于Python的因果发现算法平台
https://mp.weixin.qq.com/s/a-UBil7WYmxb6FQx0TAJbw
https://mp.weixin.qq.com/s/a-UBil7WYmxb6FQx0TAJbw
iMonitorSDK: 系统监控开发套件API
https://github.com/wecooperate/iMonitorSDK
https://github.com/wecooperate/iMonitorSDK
Linux 与 XNU 的 KPTI 实现解读
https://paper.seebug.org/1770/
https://paper.seebug.org/1770/
为什么机器学习解决网络安全问题总是失败:机器学习不是万能灵药
https://toooold.com/2021/11/28/why_ml_fails_security_ml_is_not_everything_cn.html
https://toooold.com/2021/11/28/why_ml_fails_security_ml_is_not_everything_cn.html
[HTB] Teacher Writeup
https://mp.weixin.qq.com/s/SCc1Shp5LLSM9ZjJ1EIusA
https://mp.weixin.qq.com/s/SCc1Shp5LLSM9ZjJ1EIusA
铁路组织网络风险管理的最佳实践
https://mp.weixin.qq.com/s/SMqKIquuJE6EIvXCcX70wA
https://mp.weixin.qq.com/s/SMqKIquuJE6EIvXCcX70wA
“加强软件供应链安全实践的指南” (SSDF V1.1草案)
https://mp.weixin.qq.com/s/T3XNl-A1-KgdVElogKzSLQ
https://mp.weixin.qq.com/s/T3XNl-A1-KgdVElogKzSLQ
5G专网安全风险与技术方案
https://mp.weixin.qq.com/s/6K3RQtjzAvtyYNkavuHuaw
https://mp.weixin.qq.com/s/6K3RQtjzAvtyYNkavuHuaw
结合强化学习与CNN的Webshell检测方法
https://mp.weixin.qq.com/s/gpmVRe_sa5_nvN-Xz1_ZcQ
https://mp.weixin.qq.com/s/gpmVRe_sa5_nvN-Xz1_ZcQ
通过反编译和机器学习检测恶意样本代码重用
https://mp.weixin.qq.com/s/9ptODSm-CiyZcXASaPybug
https://mp.weixin.qq.com/s/9ptODSm-CiyZcXASaPybug
利用轻量级权限系统遏制恶意NPM软件包更新
https://mp.weixin.qq.com/s/XTbY3plfEpuPhYc7KQdnaA
https://mp.weixin.qq.com/s/XTbY3plfEpuPhYc7KQdnaA
攻击者利用微软MSHTML漏洞窃取谷歌和instagram凭证信息
https://mp.weixin.qq.com/s/9rDDLeYcohGdTEewpfy6Iw
https://mp.weixin.qq.com/s/9rDDLeYcohGdTEewpfy6Iw
SecWiki周刊(第404期)
https://www.sec-wiki.com/weekly/404
https://www.sec-wiki.com/weekly/404
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第405期)
