SecWiki周刊(第357期)

  • A+
所属分类:安全新闻

SecWiki周刊(第357期)

本期关键字:内网渗透、自我修养、静态程序分析、数据资产平台、数据库攻击利用、漏洞检测高影响因素、自研HIDS、JAVA安全编码、恶意服务器指纹、网空靶场、漏洞扫描框架、Mysql蜜罐识别、DNS数据威胁等。2020/12/28-2021/01/03

安全技术

[Web安全] 记一次利用阿D注入渗透实战案例

https://mp.weixin.qq.com/s/DqqQkvZ1gNDyLcyNC2COAQ

[Web安全] AD-Pentest-Notes: 用于记录内网渗透(域渗透)学习

https://github.com/chriskaliX/AD-Pentest-Notes

[观点] 安全研究员的自我修养

https://mp.weixin.qq.com/s/BuHQSLLeJ-EMhQSqFLgDgg

[漏洞分析] 静态程序分析入门教程

https://github.com/RangerNJU/Static-Program-Analysis-Book

[观点] 沙虫

https://mp.weixin.qq.com/s/eBTXxLn4NFvLq-nmAAXgyg

[运维安全] 数据安全建设实践系列——数据资产平台建设

https://mp.weixin.qq.com/s/oofMyBaS7EMnUMy61Y-5MQ

[工具] MDAT - 综合数据库攻击利用工具

https://github.com/SafeGroceryStore/MDAT

[漏洞分析] 基于机器学习的漏洞检测高影响因素实证研究

https://www.anquanke.com/post/id/220795

[运维安全] 开源自研HIDS——AgentSmith-HIDS

https://mp.weixin.qq.com/s/sAh_VH5zTuxHRFawYMvuOw

[Web安全] JAVA安全编码

https://mp.weixin.qq.com/s/p0SZN87PilFHUmENas6QEg

[恶意分析] 关于Python病毒样本的分析方法

https://www.anquanke.com/post/id/226721

[恶意分析] Using MITRE ATT&CK to Identify an APT Attack

https://www.trendmicro.com/vinfo/us/security/news/managed-detection-and-response/using-mitre-att-ck-to-identify-an-apt-attack

[杂志] SecWiki周刊(第356期)

https://www.sec-wiki.com/weekly/356

[移动安全] apkleaks: Scanning APK file for URIs, endpoints & secrets

https://github.com/dwisiswant0/apkleaks

[恶意分析] JARM : 检测恶意服务器的可靠指纹

https://mp.weixin.qq.com/s/p55LNt9PK0MKEjN3MGPAOg

[漏洞分析] reverse engineering course covering x86, x64, ARM

https://github.com/mytechnotalent/Reverse-Engineering-Tutorial

[视频] 2020 南京大学 “操作系统:设计与实现”

https://www.bilibili.com/video/BV1N741177F5

[漏洞分析] FreeRTOS Reverse Engineering

https://mp.weixin.qq.com/s/mnus1BN1CLX4rhrZ1ubnKQ

[运维安全] opencve: CVE Alerting Platform

https://github.com/opencve/opencve

[Web安全] 鲲鹏计算专场-WriteUp

https://mp.weixin.qq.com/s/S7d-oS_b3Xx688a_jeQC2w

[漏洞分析] fire_vulnerability_scanner: 一款http协议的漏洞扫描框架

https://github.com/coodyer/fire_vulnerability_scanner

[观点] 网空靶场:从炒作到现实-2020

https://mp.weixin.qq.com/s/zu2Je_A_x06k78tzrXyjbg

[Web安全] Windows Lateral Movement Part 1 – WMI Event Subscription

https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-1-wmi-event-subscription/

[其它] 浅谈Mysql蜜罐识别

https://mp.weixin.qq.com/s/f30RvhYlB97dXnjzv4_H_Q

[Web安全] Windows Lateral Movement Part 2 – DCOM

https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-2-dcom/

[漏洞分析] Vulnerabilities of Machine Learning Infrastructure (Slides/Video)

http://www.scada.sl/2020/12/vulnerabilities-of-machine-learning.html

[恶意分析] DNSMon: 用DNS数据进行威胁发现(2)

https://blog.netlab.360.com/use-dns-data-produce-threat-intelligence-2/

[运维安全] 基于Docker的分布式OpenVAS(GVM)

https://www.freebuf.com/sectool/259225.html

-----微信ID:SecWiki-----
SecWiki,9年来一直专注安全技术资讯分析!

SecWiki周刊(第357期)

本文始发于微信公众号(SecWiki):SecWiki周刊(第357期)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: