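Keywords for this issue: intranet penetration, self-cultivation, static program analysis, data asset platform, database attack and exploitation, high-impact factors in vulnerability detection, self-developed HIDS, Java secure coding, malicious server fingerprinting, cyber range, vulnerability scanning framework, MySQL honeypot identification, DNS data threats, and more. 2020/12/28-2021/01/03
Security Technology
[Web Security] A real-world penetration test case using 阿D注入 (A-D Injection)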
https://mp.weixin.qq.com/s/DqqQkvZ1gNDyLcyNC2COAQ
[Web Security] AD-Pentest-Notes: notes for studying intranet (domain) penetration
https://github.com/chriskaliX/AD-Pentest-Notes
[Opinion] The self-cultivation of a security researcher
https://mp.weixin.qq.com/s/BuHQSLLeJ-EMhQSqFLgDgg
[Vulnerability Analysis] An introductory tutorial on static program analysis
https://github.com/RangerNJU/Static-Program-Analysis-Book
[Opinion] Sandworm
https://mp.weixin.qq.com/s/eBTXxLn4NFvLq-nmAAXgyg
[Ops Security] Data security practice series: building a data asset platform
https://mp.weixin.qq.com/s/oofMyBaS7EMnUMy61Y-5MQ
[Tools] MDAT - a comprehensive database attack and exploitation tool
https://github.com/SafeGroceryStore/MDAT
[Vulnerability Analysis] An empirical study of high-impact factors in machine-learning-based vulnerability detection
https://www.anquanke.com/post/id/220795
[Ops Security] An open-source, self-developed HIDS: AgentSmith-HIDS
https://mp.weixin.qq.com/s/sAh_VH5zTuxHRFawYMvuOw
[Web Security] Java secure coding
https://mp.weixin.qq.com/s/p0SZN87PilFHUmENas6QEg
[Malware Analysis] Methods for analyzing Python malware samples
https://www.anquanke.com/post/id/226721
[Malware Analysis] Using MITRE ATT&CK to Identify an APT Attack
https://www.trendmicro.com/vinfo/us/security/news/managed-detection-and-response/using-mitre-att-ck-to-identify-an-apt-attack
[Magazine] SecWiki Weekly (Issue 356)
https://www.sec-wiki.com/weekly/356
[Mobile Security] apkleaks: Scanning APK file for URIs, endpoints & secrets
https://github.com/dwisiswant0/apkleaks
[Malware Analysis] JARM: a reliable fingerprint for detecting malicious servers
https://mp.weixin.qq.com/s/p55LNt9PK0MKEjN3MGPAOg
[Vulnerability Analysis] reverse engineering course covering x86, x64, ARM
https://github.com/mytechnotalent/Reverse-Engineering-Tutorial
[Video] 2020 Nanjing University "Operating Systems: Design and Implementation"
https://www.bilibili.com/video/BV1N741177F5
[Vulnerability Analysis] FreeRTOS Reverse Engineering
https://mp.weixin.qq.com/s/mnus1BN1CLX4rhrZ1ubnKQ
[Ops Security] opencve: CVE Alerting Platform
https://github.com/opencve/opencve
[Web Security] Kunpeng Computing track: WriteUp
https://mp.weixin.qq.com/s/S7d-oS_b3Xx688a_jeQC2w
[Vulnerability Analysis] fire_vulnerability_scanner: a vulnerability scanning framework for the HTTP protocol
https://github.com/coodyer/fire_vulnerability_scanner
[Opinion] Cyber ranges: from hype to reality - 2020
https://mp.weixin.qq.com/s/zu2Je_A_x06k78tzrXyjbg
[Web Security] Windows Lateral Movement Part 1 – WMI Event Subscription
https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-1-wmi-event-subscription/
[Other] A brief discussion of MySQL honeypot identification
https://mp.weixin.qq.com/s/f30RvhYlB97dXnjzv4_H_Q
[Web Security] Windows Lateral Movement Part 2 – DCOM
https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-2-dcom/
[Vulnerability Analysis] Vulnerabilities of Machine Learning Infrastructure (Slides/Video)
http://www.scada.sl/2020/12/vulnerabilities-of-machine-learning.html
[Malware Analysis] DNSMon: using DNS data for threat discovery (2)
https://blog.netlab.360.com/use-dns-data-produce-threat-intelligence-2/
[Ops Security] Distributed OpenVAS (GVM) based on Docker
https://www.freebuf.com/sectool/259225.html
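-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news and analysis for 9 years!
This article was first published on the WeChat official account (SecWiki): SecWiki Weekly (Issue 357)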