SecWiki周刊(第407期)
2021/12/13-2021/12/19
安全技术
从一例挖矿木马看 Log4Shell 的在野传播
https://mp.weixin.qq.com/s/OoARMaeACnogFrEWMNw01A
https://mp.weixin.qq.com/s/OoARMaeACnogFrEWMNw01A
基于异常行为检测CobaltStrike
https://www.anquanke.com/post/id/262742
https://www.anquanke.com/post/id/262742
Log4j2远程代码执行漏洞检测和防护策略研究
https://mp.weixin.qq.com/s/GY-hKl9013pyVd8no0SDHw
https://mp.weixin.qq.com/s/GY-hKl9013pyVd8no0SDHw
浅谈被动式IAST产品与技术实现-基础篇
https://www.03sec.com/Ideas/qian-tan-bei-dong-shiiast-chan-pin-yu-ji-shu-shi-x.html#morphing
https://www.03sec.com/Ideas/qian-tan-bei-dong-shiiast-chan-pin-yu-ji-shu-shi-x.html#morphing
应急响应:没有痕迹该如何进行攻击溯源
https://www.freebuf.com/articles/web/313394.html
https://www.freebuf.com/articles/web/313394.html
从Log4shell事件看资产风险运营工程化的困局与盲点
https://zhuanlan.zhihu.com/p/445372045
https://zhuanlan.zhihu.com/p/445372045
浅谈被动式IAST产品与技术实现-代码实现Demo篇
https://www.03sec.com/Ideas/qian-tan-bei-dong-shiiast-chan-pin-yu-ji-shu-shi-x-1.html#morphing
https://www.03sec.com/Ideas/qian-tan-bei-dong-shiiast-chan-pin-yu-ji-shu-shi-x-1.html#morphing
CVE-2016-7124反序列化漏洞复现
https://www.sec-in.com/article/1125
https://www.sec-in.com/article/1125
SPEL表达式注入漏洞深入分析
http://blog.topsec.com.cn/spel%e8%a1%a8%e8%be%be%e5%bc%8f%e6%b3%a8%e5%85%a5%e6%bc%8f%e6%b4%9e%e6%b7%b1%e5%85%a5%e5%88%86%e6%9e%90/
http://blog.topsec.com.cn/spel%e8%a1%a8%e8%be%be%e5%bc%8f%e6%b3%a8%e5%85%a5%e6%bc%8f%e6%b4%9e%e6%b7%b1%e5%85%a5%e5%88%86%e6%9e%90/
浅谈被动式IAST产品与技术实现
https://tttang.com/archive/1375/
https://tttang.com/archive/1375/
ACSAC 2021 论文录用列表
https://mp.weixin.qq.com/s/CeGjPSw4DLCkSdF1lxqi2A
https://mp.weixin.qq.com/s/CeGjPSw4DLCkSdF1lxqi2A
基于规则向量化的HTTP资产识别方法探索
http://blog.nsfocus.net/http-banner-2/
http://blog.nsfocus.net/http-banner-2/
SecWiki周刊(第406期)
https://www.sec-wiki.com/weekly/406
https://www.sec-wiki.com/weekly/406
iMessage 零点击漏洞利用细节公开
https://mp.weixin.qq.com/s/u0O6qBbvGB-l8aqCabGaUQ
https://mp.weixin.qq.com/s/u0O6qBbvGB-l8aqCabGaUQ
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第407期)
