SecWiki周刊(第474期)
2023/03/27-2023/04/02
安全资讯
安全技术
使用FirmAE 对zyxel路由器固件仿真实践
https://www.anquanke.com/post/id/288053
https://www.anquanke.com/post/id/288053
parse-server 从原型污染到 RCE 漏洞(CVE-2022-39396) 分析
https://mp.weixin.qq.com/s/AB3LiDutpMQm9C1eumy9IQ
https://mp.weixin.qq.com/s/AB3LiDutpMQm9C1eumy9IQ
基于等级保护思路的应用软件开发安全关键要素探讨
https://mp.weixin.qq.com/s/J8nQRKXBMDBQqTl2InO9pg
https://mp.weixin.qq.com/s/J8nQRKXBMDBQqTl2InO9pg
供应链安全实践:基于风险的“供应链攻击面”梳理和分析
https://mp.weixin.qq.com/s/xk8VFdgRfkcKCnP4xi5qmQ
https://mp.weixin.qq.com/s/xk8VFdgRfkcKCnP4xi5qmQ
rakshasa-跨平台、稳定、隐秘的多级代理内网穿透工具
https://mp.weixin.qq.com/s/8Ul3SLIlyhHVF7R6ekciBw
https://mp.weixin.qq.com/s/8Ul3SLIlyhHVF7R6ekciBw
NSFC形式化方法领域基金项目申请资助情况分析
http://www.qianzhankeji.cn/CN/10.3981/j.issn.2097-0781.2023.01.010
http://www.qianzhankeji.cn/CN/10.3981/j.issn.2097-0781.2023.01.010
解密Starlink骨干网和M形POP拓扑
https://mp.weixin.qq.com/s/aB4-UhiyQEpqp6HRtgSzKg
https://mp.weixin.qq.com/s/aB4-UhiyQEpqp6HRtgSzKg
《欧洲网络安全技能框架》解读
https://mp.weixin.qq.com/s/CS2FUz62CBwcSKWqPAQdaQ
https://mp.weixin.qq.com/s/CS2FUz62CBwcSKWqPAQdaQ
英国防部发布云战略路线图: 构建数字骨干 助力数字转型
https://mp.weixin.qq.com/s/MOODFHGrf_aeXs5G3FzavQ
https://mp.weixin.qq.com/s/MOODFHGrf_aeXs5G3FzavQ
内容算法服务中正能量内容源识别和流量分发机制不足的初步思考
https://mp.weixin.qq.com/s/Arh4u6xHqjP0utSPE3dd-A
https://mp.weixin.qq.com/s/Arh4u6xHqjP0utSPE3dd-A
隐私、安全和密码学的研究趋势 ——来自微软研究院的研究成果简介
https://zhuanlan.zhihu.com/p/616161071
https://zhuanlan.zhihu.com/p/616161071
[HTB] Paper Writeup
https://mp.weixin.qq.com/s/qbiTp3Et4yik0bAYrYCgMg
https://mp.weixin.qq.com/s/qbiTp3Et4yik0bAYrYCgMg
[HTB] GoodGames Writeup
https://mp.weixin.qq.com/s/WPnNpY6Tl-U58vsDGWQvBw
https://mp.weixin.qq.com/s/WPnNpY6Tl-U58vsDGWQvBw
记一次RCE+heapdump信息泄露引发的血案
https://mp.weixin.qq.com/s/6ZDto8QAUKTur5s_haGFdw
https://mp.weixin.qq.com/s/6ZDto8QAUKTur5s_haGFdw
2023产业互联网安全十大趋势报告
https://share.weiyun.com/YqrCdqZ8
https://share.weiyun.com/YqrCdqZ8
供应链攻击之PHP Composer漏洞
https://mp.weixin.qq.com/s/OA823YMj6AxD_ahrQksOfQ
https://mp.weixin.qq.com/s/OA823YMj6AxD_ahrQksOfQ
Swallow-开源代码审计系统
https://github.com/StarCrossPortal/swallow
https://github.com/StarCrossPortal/swallow
safe-rules: 详细的C/C++编程规范指南
https://github.com/Qihoo360/safe-rules
https://github.com/Qihoo360/safe-rules
第十六届中国网络空间安全学科专业建设与人才培养研讨会视频回放
https://wx.vzan.com/live/page/1551654502
https://wx.vzan.com/live/page/1551654502
使用 GWLB 和 FortiGate 作为流量镜像的替代方案
https://mp.weixin.qq.com/s/83q9laF1LHWoSTdkwj3tnA
https://mp.weixin.qq.com/s/83q9laF1LHWoSTdkwj3tnA
美国升级爱因斯坦系统,切换国家网络防御系统后端大脑
https://mp.weixin.qq.com/s/8qJGsK95xkR6nIEMCjbtng
https://mp.weixin.qq.com/s/8qJGsK95xkR6nIEMCjbtng
浅谈基于深度学习的漏洞检测
https://mp.weixin.qq.com/s/fM5qAnQxWXLfAofgVqcWvw
https://mp.weixin.qq.com/s/fM5qAnQxWXLfAofgVqcWvw
软件供应链后门投毒自动化发现能力建设
https://mp.weixin.qq.com/s/Nf4nScuV5sUODgk4Fb3EwA
https://mp.weixin.qq.com/s/Nf4nScuV5sUODgk4Fb3EwA
通过 Qodana 的污点分析保护 PHP 代码
https://mp.weixin.qq.com/s/QbcLigLj_sUWx5awghX7qQ
https://mp.weixin.qq.com/s/QbcLigLj_sUWx5awghX7qQ
Java执行命令过程即命令拼接问题
https://mp.weixin.qq.com/s/vUgHj6jkIGuXX4X66NutnQ
https://mp.weixin.qq.com/s/vUgHj6jkIGuXX4X66NutnQ
attack_range: Splunk Attack Range
https://github.com/splunk/attack_range
https://github.com/splunk/attack_range
SecWiki周刊(第473期)
https://www.sec-wiki.com/weekly/473
https://www.sec-wiki.com/weekly/473
利用静态提取的代码特征对过拟合补丁进行自动分类
https://mp.weixin.qq.com/s/NcTHJFSF6w6R7XO-ejtzzA
https://mp.weixin.qq.com/s/NcTHJFSF6w6R7XO-ejtzzA
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第474期)
