安全技术

[漏洞分析]  循序渐进分析CVE-2020-1066

https://mp.weixin.qq.com/s/TU5Obmd76QdhfQ-40UxUBQ

[Web安全]  python cms审计记录

https://github.com/MisakiKata/python_code_audit/blob/master/%E5%AE%9E%E6%88%98%E6%93%8D%E4%BD%9C.md

[其它]  Java 安全-RMI-学习总结

https://paper.seebug.org/1251/

[运维安全]  攻防演习-红军的反击

https://mp.weixin.qq.com/s/WrQa0XoBSak3HM1l650HEg

[工具]  WMI攻击与安全防御

https://mp.weixin.qq.com/s/wA7SXfVM3jYsH1VhZqANrA

[Web安全]  sqlmap绕过csrf检测进行注入

https://blog.blankshell.com/2020/06/25/sqlmap%e7%bb%95%e8%bf%87csrf%e6%a3%80%e6%b5%8b%e8%bf%9b%e8%a1%8c%e6%b3%a8%e5%85%a5/

[编程技术]  安全框架之综述

https://mp.weixin.qq.com/s/4jec18NXjV6UwubzrYgwzg

[运维安全]  hihttps: 一款完整源码的高性能Web应用防火墙

https://github.com/qq4108863/hihttps

[恶意分析]  代码克隆检测技术

https://www.zuozuovera.com/archives/1668/

[杂志]  SecWiki周刊（第329期)

https://www.sec-wiki.com/weekly/329

[漏洞分析]  基于异常的猎杀行动——自保护触发自杀

https://www.anquanke.com/post/id/209035

[Web安全]  自动化测试工具APPium初探

https://mp.weixin.qq.com/s/wwlqd_kO7vfpP6vTPrW_6Q

[Web安全]  从0到1学会搭建小型企业拓扑到由外向内的渗透测试

https://www.anquanke.com/post/id/208992

[恶意分析]  Powershell免杀的探索

https://xz.aliyun.com/t/7903

[其它]  Active Directory Exploitation Cheat Sheet

https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet

[Web安全]  FOFA搜索结果提取技术分析

https://www.freebuf.com/sectool/238018.html

[Web安全]  Java代码审计之Struts2-001

https://xz.aliyun.com/t/7915

[漏洞分析]  MLDetectVuln: AI算法解决大规模二进制程序函数相似性分析

https://github.com/Anemone95/MLDetectVuln

[Web安全]  Linux Pam后门总结拓展

https://xz.aliyun.com/t/7902

[恶意分析]  Rovnix Bootkit 恶意软件相关活动分析

https://paper.seebug.org/1253/

[数据挖掘]  知识图谱之知识表示篇（一）

https://zhuanlan.zhihu.com/p/148785892

[漏洞分析]  解释器类型的Pwn题目总结

https://www.anquanke.com/post/id/208940

[Web安全]  Tomcat基于Servlet的无文件webshell的相关技术研究

https://mp.weixin.qq.com/s/gYGrdDtIldzrE7NHSxTDYQ

[取证分析]  手工打造基于ATT&CK矩阵的EDR系统

https://www.freebuf.com/articles/system/239107.html

[恶意分析]  Zloader的DGA算法解析

https://www.freebuf.com/articles/others-articles/238700.html

[视频]  DIMVA 2020 视频列表

https://www.*******.com/watch?v=8MM0qif7Qjw&list=PLm_RjVa4jQG9hGaSZQcsWgFO87CA_iTzq

[漏洞分析]  图解利用虚函数过GS保护

https://www.freebuf.com/vuls/238736.html

[数据挖掘]  标签传播算法解读

https://mp.weixin.qq.com/s/dX6CouK7LGNbXsRxRnS26w

[设备安全]  设备固件提取小结

https://www.freebuf.com/articles/terminal/229567.html

[Web安全]  PWDB - New generation of Password Mass-Analysis

https://github.com/FlameOfIgnis/Pwdb-Public

[恶意分析]  APT的思考: PowerShell命令混淆高级对抗

https://mp.weixin.qq.com/s/Sg0LK8emSWP1m-yds4VGrQ

[Web安全]  Java Deserialization Exploitation With Customized Ysoserial Payloads

https://rhinosecuritylabs.com/research/java-deserializationusing-ysoserial/

[运维安全]  Recovering Credentials from a Process inside a Docker Container using Docker Checkpoint

https://blog.pentesteracademy.com/recovering-credentials-from-a-docker-container-process-using-docker-checkpoint-and-gdb-ea22e8898d2b

[其它]  SPIDER: Enabling Fast Patch Propagation in Related Software Repositories

https://securitygossip.com/blog/2020/05/26/spider-enabling-fast-patch-propagation-in-related-software-repositories/

[Web安全]  Using SQL Injection to perform SSRF/XSPA attacks

https://ibreak.software/2020/06/using-sql-injection-to-perform-ssrf-xspa-attacks/

[取证分析]  Mining DNS MX Records for Fun and Profit

https://medium.com/@jason_trost/mining-dns-mx-records-for-fun-and-profit-7a069da9ee2d

-----微信ID：SecWiki-----
SecWiki，8年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第330期)