安全资讯
[事件] CVE-2019-0708 | 远程桌面服务远程执行代码漏洞
https://nosec.org/home/detail/2635.html
[新闻] 网络存证未获取法院支持判决书全文
https://mp.weixin.qq.com/s/dqXA8KT_zFJWEx39RGd9Qg
[新闻] 国内外网络战争现场报告平台
https://mp.weixin.qq.com/s/QaYPI8z4bXLUChuOrNxC-A
[事件] 俄罗斯政府网站被爆泄露225万用户社保和护照等信息
https://nosec.org/home/detail/2649.html
[人物] “网安卫士”刘文懋
https://mp.weixin.qq.com/s/GryQEbF3wxAmT7e-76X-mw
[取证分析] 推荐几个优质开源情报分析源
https://mp.weixin.qq.com/s/xegDRXu9A0YMx3v8_E86Ow
[新闻] 美海军陆战队招募志愿者组建平民网络安全小组
https://www.cnbeta.com/articles/tech/848027.htm
安全技术
[其它] webshell免杀套路
https://nosec.org/home/detail/2574.html
[Web安全] Web指纹识别技术研究与优化实现
https://mp.weixin.qq.com/s/v92dLQSgLXv7JVkc8AUyvA
[Web安全] GeoServer漏洞利用总结及案例参考
https://mp.weixin.qq.com/s/lz5cAvLbYIdAQ3aRiiseYg
[设备安全] 由破解电梯卡初识RFID
https://mp.weixin.qq.com/s/Fuc6r86k7eZ3nDvW5ZfcNQ
[运维安全] 现代办公网安全体系建设系列之一:统一化新型认证体系探索
https://blog.flanker017.me/a-new-approach-to-modern-office-network-security-series-1/
[数据挖掘] 如何利用开源风控系统(星云)防止撞库
https://mp.weixin.qq.com/s/r7EY1zcydTmaaEY91H1m5A
[Web安全] 一次综合渗透测试
[杂志] SecWiki周刊(第271期)
https://www.sec-wiki.com/weekly/271
[运维安全] w12scan: 网络资产发现引擎
https://github.com/w-digital-scanner/w12scan
[数据挖掘] 基于小样本学习的意图识别冷启动
https://mp.weixin.qq.com/s/FLXeHnLo03r-8qfUX48VHw
[比赛] DDCTF2019官方Write Up——Web篇
https://www.anquanke.com/post/id/178434
[Web安全] Exploiting CVE-2018-1335: Command Injection in Apache Tika
https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
[Web安全] EXPLOITING 10,000+ DEVICES USED BY BRITAIN’S MOST VULNERABLE
https://fidusinfosec.com/exploiting-10000-devices-used-by-britains-most-vulnerable/
[漏洞分析] CVE-2019-3568: WhatsApp 0 day漏洞分析
https://mp.weixin.qq.com/s/NC9bSf1QGXugPBPYVgaEsQ
[数据挖掘] 基于设备指纹的风控建模以及机器学习的尝试
https://mp.weixin.qq.com/s/iifhFE8S_3E5d5MvGRbVow
[数据挖掘] 采用弱监督算法给大规模数据集打标签
https://www.infoq.cn/article/Gu-zjXGiWA85lQH7eCca
[Web安全] 利用PHP应用程序中的远程文件包含(RFI)并绕过远程URL包含限制
https://nosec.org/home/detail/2640.html
[Web安全] Powershell攻击指南黑客后渗透之道系列—基础篇
https://mp.weixin.qq.com/s/8UuCC76DHYOuAtpF5MiOQg
[Web安全] Arbitrary file read vulnerability in Hackerrank
https://blog.cystack.net/arbitrary-file-read-vulnerability-in-hackerrank/
[漏洞分析] AFL使用指南
http://zeroyu.xyz/2019/05/15/how-to-use-afl-fuzz/
[恶意分析] 恶意软件训练集:FollowUP
https://nosec.org/home/detail/2638.html
[恶意分析] FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/
[其它] Decrypting Eazfuscator.NET encrypted symbol names
https://blog.silentsignal.eu/2019/05/10/decrypting-eazfuscator-net-encrypted-symbol-names/
[恶意分析] 2018年网站攻击态势及“攻击团伙”挖掘分析报告
https://www.anquanke.com/post/id/178158
[恶意分析] 基于攻击链的网络威胁捕猎架构设计
https://book.yunzhan365.com/dksd/oyru/mobile/index.html
[Web安全] 漏扫动态爬虫实践
https://www.anquanke.com/post/id/178339
[比赛] DDCTF2019官方Write Up——Reverse篇
https://www.anquanke.com/post/id/178414
[比赛] DDCTF2019官方Write Up——Android篇
https://www.anquanke.com/post/id/178383
[漏洞分析] DHCP security in Windows 10: analyzing critical vulnerability CVE-2019-0726
http://blog.ptsecurity.com/2019/05/dhcp-security-in-windows-10-analyzing.html
[取证分析] 企业内网之网络管控or自动科学上网
https://www.aqniu.com/vendor/47664.html
[恶意分析] APT34 Glimpse&PoisonFrog 项目分析
http://blog.nsfocus.net/apt34-glimpsepoisonfrog/
[恶意分析] 如何构建公有云DDoS溯源系统
https://www.4hou.com/system/18029.html
[比赛] DDCTF2019官方Write Up——MISC篇
https://www.anquanke.com/post/id/178392
[运维安全] 浅谈威胁诱捕技术在网络安全保障与蓝队防御过程中的重要应用
http://plcscan.org/blog/2019/05/application-of-threat-trap-in-red-and-blue-teams/
[恶意分析] 威胁情报的“魔力”
https://mp.weixin.qq.com/s/Agy_I_TjwiJjvPL4q7j6nQ
[比赛] 工控安全从入门到实战——概述(二)
https://www.anquanke.com/post/id/178425
[漏洞分析] 知往鉴今:Chromium近三年UXSS漏洞分析及缓解、预防和检测措施
https://www.4hou.com/vulnerable/17663.html
[比赛] 工控安全从入门到实战——概述(一)
https://www.anquanke.com/post/id/178265
[其它] 国家网络安全能力成熟度模型(一)
https://www.freebuf.com/articles/es/202351.html
[漏洞分析] IoT设备逆向工程中的函数识别
http://blog.nsfocus.net/function-recognition-reverse-engineering-iot-equipment/
[漏洞分析] Cisco RV320、RV325未授权远程代码执行漏洞分析及建议
https://www.freebuf.com/vuls/202814.html
[论文] DNS Cache-Based User Tracking
https://mp.weixin.qq.com/s/cSjoVgxjOAuIUlewX9iIoA
-----微信ID:SecWiki----- SecWiki,5年来一直专注安全技术资讯分析! SecWiki:https://www.sec-wiki.com
本期原文地址: SecWiki周刊(第272期)