安全技术

[其它]  技术人的修炼之道：从业余到专业

https://mp.weixin.qq.com/s/gBgFyy4MMrF5vn-8NGEVQw

[漏洞分析]  协议模糊测试相关技术梳理

https://mp.weixin.qq.com/s/RCpAUpFEzbSewEnWpHrsqw

[工具]  从 SQL 到 RCE 利用 SessionState 反序列化攻击 ASP.NET 网站应用程式

https://paper.seebug.org/1186/

[杂志]  SecWiki周刊（第322期)

https://www.sec-wiki.com/weekly/322

[Web安全]  已知邮箱，求手机号码?

https://mp.weixin.qq.com/s/XvMruURNVWBkEwxvnPSW1g

[Web安全]  De1CTF2020-WriteUp上(Web、Misc、Pwn)

https://mp.weixin.qq.com/s/1CR0up_b5a1zw02wZNwJpg

[Web安全]  数字中国创新大赛-虎符网络安全赛道Write up

https://mp.weixin.qq.com/s/ih2X8IXVFmrMVwJYuf5gng

[恶意分析]  Decrypting and analyzing HTTPS traffic without MITM

https://blog.silentsignal.eu/2020/05/04/decrypting-and-analyzing-https-traffic-without-mitm/

[工具]  Java 反序列化系列 ysoserial Groovy 1

https://paper.seebug.org/1171/

[Web安全]  DOM XSS in Gmail with a little help from Chrome

https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/

[Web安全]  Socks Over RDP

https://research.nccgroup.com/2020/05/06/tool-release-socks-over-rdp/

[漏洞分析]  Windows exploitation

https://fullpwnops.com/windows-exploitation-pathway.html

[运维安全]  用SASE加速零信任网络交付

https://mp.weixin.qq.com/s/OjHgQGrJWfueu4AfxES9Hg

[设备安全]  物联网场景下的白盒加密技术

https://mp.weixin.qq.com/s/y8FNDtuJIIiYmZDLTxuL_g

[观点]  我的安全漏洞观

https://mp.weixin.qq.com/s/86cS8yIgbVcKStZWq84M7Q

[恶意分析]  The Dacls RAT now on macOS!

https://objective-see.com/blog/blog_0x57.html

[Web安全]  Tide-Mars：资产管理与威胁监测平台开源版本

https://mp.weixin.qq.com/s/-7V14Rpu2KU5HUsa0p025g

[数据挖掘]  Understanding E-commerce Fraud from Autonomous Chat

https://mp.weixin.qq.com/s/uzGQxgfaUufsDSvcYIIYig

[Web安全]  子域名托管案例

https://mp.weixin.qq.com/s/Nqy0Agq_h9yZhvqKdZBZgw

[恶意分析]  Schnelder - NetBotz Firmware 固件分析

https://paper.seebug.org/1170/

[Web安全]  内网渗透：流量转发场景测试

https://www.anquanke.com/post/id/204347

[漏洞分析]  Bugs on the Windshield: Fuzzing the Windows Kernel

https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/

[漏洞分析]  WEBPWN入门级调试讲解

https://www.anquanke.com/post/id/204404

[Web安全]  linux后渗透之收集登录凭证

https://xz.aliyun.com/t/7698

[恶意分析]  De1CTF2020-WriteUp下(Crypto、Reverse)

https://mp.weixin.qq.com/s/KKkxUb_rUEi7Pxj0Qj5Odw

[Web安全]  对缓存投毒的学习总结

https://xz.aliyun.com/t/7696

[移动安全]  Android's May 2020 Patches Fix Critical System Vulnerability

https://www.securityweek.com/androids-may-2020-patches-fix-critical-system-vulnerability

[无线安全]  GPS欺骗实验

https://www.anquanke.com/post/id/204316

[恶意分析]  Deconstructing the Dukes: A Researcher's Retrospective of APT29

https://blog.f-secure.com/podcast-dukes-apt29/

[漏洞分析]  JAVA RMI反序列化知识详解

https://mp.weixin.qq.com/s/bC71HoEtDAKKbHJvStu9qA

[Web安全]  浏览器中隐蔽数据传输通道-DNS隧道

https://mp.weixin.qq.com/s/u5HV7umrZABcgVpZ5pn6WQ

[漏洞分析]  Fastjson 反序列化漏洞史

https://paper.seebug.org/1192/

[设备安全]  从乌克兰电网事件看工控安全态势

https://www.freebuf.com/articles/ics-articles/233680.html

[运维安全]  新一代SIEM与SOAR的技术对比

https://mp.weixin.qq.com/s/mfNRbDXIg5_1jSKHbceHCA

[观点]  卫星互联网重新定义网络战

https://mp.weixin.qq.com/s/mj4BVfI-j3yp-xaSZeEW_A

-----微信ID：SecWiki-----
SecWiki，8年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第323期)