secwiki 节点

当前节点:secwiki

时间	节点
2021-04-14 00:00:21	SecWiki周报	SecWiki News 2021-04-13 Review SmartyPHP沙箱逃逸分析 https://www.anquanke.com/post/id/235505 Spring Boot Fat Jar 写文件漏洞到稳定 RCE 的探索 https://landgrey.me/blog/22/ 主流WebShell工具流量层分析 https://xz.aliyun.com/t/9404 MindAPI: Bringing order to API hacking chaos https://github.com/dsopas/MindAPI 微信小程序反编译 https://www.sec-in.com/article/1012 从BCTF人机对抗视角浅谈自动化攻防技术发展 https://mp.weixin.qq.com/s/5wR37FLoTPn3fftxZw_Brw
2021-04-13 00:11:38	SecWiki周报	SecWiki News 2021-04-12 Review InScan: 边界打点后的自动化渗透工具 https://github.com/inbug-team/InScan/ HackMyVM：CROSSROADS:1 https://www.sec-in.com/article/1009 SecWiki周刊（第371期) https://www.sec-wiki.com/weekly/371 安全学术圈2020年度总结 https://mp.weixin.qq.com/s/Tn_nNer_xdDbWmComqV8uw
2021-04-12 00:10:55	SecWiki周报	SecWiki News 2021-04-11 Review 红队攻击前隐匿流量的基本方法 https://mp.weixin.qq.com/s/eoui4xAuUF5X2H3jWq43tQ NLP知识简单总结及NLP论文撰写之道 https://mp.weixin.qq.com/s/Ioov6PCm8o6cRq0W9sykQw 深度分析：主流网络侦察技术与应对策略 https://mp.weixin.qq.com/s/Aaxu4C_Lf3I-bdPIXi8tIw 深度揭密高通4/5G移动基带消息系统和状态机 https://github.com/vessial/baseband/blob/master/Qualcomm_BaseBand_Messaging_and_State_Machine.md 浅析 AWS S3 子域名接管漏洞 https://mp.weixin.qq.com/s/q3bsrCKacuepKoFljYxJcg
2021-04-11 00:10:05	SecWiki周报	SecWiki News 2021-04-10 Review 基于javaAgent内存马检测查杀指南 https://mp.weixin.qq.com/s/Whta6akjaZamc3nOY1Tvxg 一次嵌入式固件逆向实践 https://mp.weixin.qq.com/s/-eUweGQi633D2W1Vs_bIFg Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel http://blog.ptsecurity.com/2021/04/four-bytes-of-power-exploiting-cve-2021.html 深度分析：4种国产CPU架构和6大品牌 https://mp.weixin.qq.com/s/FoAPSNW0LFKuerEPJfFmgw 白盒代码审计系统建设实践2：深入理解SAST https://mp.weixin.qq.com/s/jQfsUg4vhEs3XwTcXkqhyQ
2021-04-10 00:10:30	SecWiki周报	SecWiki News 2021-04-09 Review 开始使用 Go https://docs.microsoft.com/zh-cn/learn/paths/go-first-steps/ Pwn2Own 2021全程（附结果和录像视频） https://mp.weixin.qq.com/s/blwGELCaPKC1HTczBcWkfQ 从CTF比赛真题中学习压缩包伪加密与图片隐写术 https://www.sec-in.com/article/1002 游戏业务DDoS攻防对抗案例分享 https://security.tencent.com/index.php/blog/msg/186 IDA Pro 分析 dyld_shared_cache https://mp.weixin.qq.com/s/PGC7LKu-oC5ZaRxLFrhTsg 记一次完整的内网渗透经历 https://xz.aliyun.com/t/9374
2021-04-09 00:08:45	SecWiki周报	SecWiki News 2021-04-08 Review 动态定时任务业务中的RCE https://www.sec-in.com/article/1001 S&P 2021 论文录用列表 https://mp.weixin.qq.com/s/8GUnjS_T1H7gqSVPInFObg
2021-04-08 00:06:18	SecWiki周报	SecWiki News 2021-04-07 Review HIDS-Agent开发之检测反弹shell https://www.anquanke.com/post/id/235717 IDA 辅助工具Karta——二进制文件中搜索开源代码 https://www.anquanke.com/post/id/235632 ELK在渗透测试中的利用与安全配置解析 https://xz.aliyun.com/t/9370 内网渗透--对不出网目标的打法 https://xz.aliyun.com/t/9372 某VPN客户端远程下载文件执行挖掘 https://mp.weixin.qq.com/s/XbsxziIFKx8VhGd-pv0Ghg Shiro-550反序列化漏洞分析 https://www.sec-in.com/article/999
2021-04-07 00:03:48	SecWiki周报	SecWiki News 2021-04-06 Review 俄罗斯网络空间攻击特点与模式 https://mp.weixin.qq.com/s/oMy1EDOYPT82ec5QEdiIVA Dragos《2020年度工控网络安全回顾》 https://mp.weixin.qq.com/s/ceASNJrgKkqgzlCnxNps7Q 驱动病毒那些事（完结）----劫持 https://www.sec-in.com/article/997 As-Exploits-部分后渗透模块 https://mp.weixin.qq.com/s/8G0il9gIkubI1w15gOBX6A
2021-04-06 00:02:05	SecWiki周报	SecWiki News 2021-04-05 Review GAN的前世今生 https://mp.weixin.qq.com/s/CGngRxjVtOKHNsTrXBiD7w 硬件安全技术研究 https://mp.weixin.qq.com/s/YuYmMryfgFi0XqD96WelHg SecWiki周刊（第370期) https://www.sec-wiki.com/weekly/370
2021-04-05 00:00:49	SecWiki周报	SecWiki News 2021-04-04 Review Git-RCE：CVE-2021-21300 https://mp.weixin.qq.com/s/VO2dHNVbPcpZQtnBRMNNag
2021-04-04 00:19:35	SecWiki周报	SecWiki News 2021-04-03 Review CVE-2016-0165 Win32k漏洞分析笔记 https://xz.aliyun.com/t/9348 DGA域名检测的工程实践 https://mp.weixin.qq.com/s/GlWqTWQzBfoXt8J8uJAPRQ 安全是一门语言的艺术：威胁调查分析语言概述 https://mp.weixin.qq.com/s/U8E4JxMDeL5IeVGAh9fuiQ 对美军新近发展作战理念的梳理与思考 https://mp.weixin.qq.com/s/D8T6ImssRi8sjDqD4_bGpg 网络空间资产测绘(CAM)能力指南 https://mp.weixin.qq.com/s/p3LwmZq7nrGOy5qy7p9SDQ
2021-04-03 00:12:18	SecWiki周报	SecWiki News 2021-04-02 Review 国内伪基站垃圾短信生态系统研究 https://mp.weixin.qq.com/s/te4igYM_PHbf2xedXdmQxw 驱动病毒那些事(三)----APC注入 https://www.sec-in.com/article/994
2021-04-02 00:06:18	SecWiki周报	SecWiki News 2021-04-01 Review 驱动病毒那些事(二)----回调 https://www.sec-in.com/article/992 基于关键词的大型红蓝对抗经验分享 https://mp.weixin.qq.com/s/8boR_ZucLk5nMJwfi2UdGA 基于污点调用链的代码审计开源工具 https://mp.weixin.qq.com/s/iSHmK4Fbl0whDvIH-u8tag 鸠占鹊巢: Furucombo 攻击事件分析 https://mp.weixin.qq.com/s/jDQhFNEeIMT_cdjHkggYjw
2021-04-01 00:02:52	SecWiki周报	SecWiki News 2021-03-31 Review 国际视野看工控靶场的融合与创新 https://mp.weixin.qq.com/s/PToOOhcCKe6bjQvrdYBXYg 符号执行Symcc与模糊测试AFL结合实践 https://mp.weixin.qq.com/s/_qj40FMl7UwDswJ89z5uiA 驱动病毒那些事(一)----基础 https://www.sec-in.com/article/989
2021-03-31 00:00:46	SecWiki周报	SecWiki News 2021-03-30 Review SecWiki周刊（第369期) https://www.sec-wiki.com/weekly/369
2021-03-30 00:19:48	SecWiki周报	SecWiki News 2021-03-29 Review 病毒分析之伪装eset升级程序 https://www.sec-in.com/article/960
2021-03-29 00:18:04	SecWiki周报	SecWiki News 2021-03-28 Review
2021-03-28 00:16:24	SecWiki周报	SecWiki News 2021-03-27 Review
2021-03-27 00:35:28	SecWiki周报	SecWiki News 2021-03-26 Review 剑指钓鱼基建自动化的想法 https://mp.weixin.qq.com/s/5ofJ6J1KVQIvVB3dZdIVng 浅析软件供应链攻击之包抢注低成本钓鱼 https://mp.weixin.qq.com/s/JWSjKZWyuSvXdzYhU0INmQ Kscan：轻量级的资产发现工具 https://github.com/lcvvvv/kscan 国内网络安全信息与事件管理类产品研究与测试报告（2021年） http://www.caict.ac.cn/kxyj/qwfb/ztbg/202103/P020210324512102846900.pdf 中国网络安全行业全景图（2021年3月第八版） https://mp.weixin.qq.com/s/Z3rIpxl9ZOVuZzTABAojvg A Year in the Life of a Compiler Fuzzing Campaign https://blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/ 一些网络空间搜索引擎相关的资料 https://github.com/EXHades/CyberSpaceSearchEngine-Research 一些webshell免杀的技巧 https://xz.aliyun.com/t/9290 蓝队溯源与反制 https://xz.aliyun.com/t/9316 记一次跌宕起伏的白盒审计到RCE https://xz.aliyun.com/t/9319 MSSQL 数据库攻击实战指北—防守方攻略 https://mp.weixin.qq.com/s/uENvpPan7aVd7MbSoAT9Dg TinyInst动态插桩工具原理分析 https://www.anquanke.com/post/id/234925 Java反序列化漏洞浅析 https://www.anquanke.com/post/id/235511 qemu逃逸学习 https://www.anquanke.com/post/id/235191 一次金融行业的红蓝对抗总结 https://www.sec-in.com/article/969
2021-03-26 00:14:18	SecWiki周报	SecWiki News 2021-03-25 Review H2C Smuggling in the Wild https://blog.assetnote.io/2021/03/18/h2c-smuggling/ Hidden OAuth attack vectors https://portswigger.net/research/hidden-oauth-attack-vectors 网络空间测绘核心技术之：协议识别（DCERPC篇） https://mp.weixin.qq.com/s/jsOyxiDBnvi4PiqdgA3dvw
2021-03-25 00:14:08	SecWiki周报	SecWiki News 2021-03-24 Review 硬核黑客笔记 - 怒吼吧电磁波 (上) https://mp.weixin.qq.com/s/SUjjKY_TIj10rpQW9tkH9A 利用字符集编码绕过waf的burp插件 https://github.com/GuoKerS/Charset_encoding-Burp Driftingblues3靶机渗透 https://www.sec-in.com/article/967
2021-03-24 00:13:06	SecWiki周报	SecWiki News 2021-03-23 Review 模型可解释性在保险理赔反欺诈中的实践 https://mp.weixin.qq.com/s/7Qa4PZCXARqEK-iphVPTjA 2020年联网智能设备安全态势报告 https://mp.weixin.qq.com/s/GdSgHNTLjysqow4ka8tY7w 实践之后，我们来谈谈如何做好威胁建模 https://mp.weixin.qq.com/s/kNfTBoeFu90QPvYbPcR_OQ RemRAT潜伏在中东多年的Android间谍软件 https://mp.weixin.qq.com/s/RhM2qUxDWTyykCbSW6e8SQ
2021-03-23 00:12:19	SecWiki周报	SecWiki News 2021-03-22 Review 使用 AWS Lambda 隐藏 C&C 流量 https://mp.weixin.qq.com/s/F6QcVgSyXz3wwJlRDd8TVQ 我是如何低成本建立RapidDNS.io网站的 https://mp.weixin.qq.com/s/IwpflmaxVar3Vk5AqBmdAA HFish初版审计学习 https://www.sec-in.com/article/949 浅谈风控的架构 https://mp.weixin.qq.com/s/GAeau8TJEWZtrv5CHlSHNQ SecWiki周刊（第368期) https://www.sec-wiki.com/weekly/368
2021-03-22 00:11:55	SecWiki周报	SecWiki News 2021-03-21 Review 实战预演——Redis基于主从复制的RCE https://www.anquanke.com/post/id/234770 C/C++源码扫描系列- Fortify 篇 https://xz.aliyun.com/t/9276 自主搭建的三层网络域渗透靶场打靶记录 https://xz.aliyun.com/t/9281 C/C++源码扫描系列- Joern 篇 https://xz.aliyun.com/t/9277
2021-03-21 00:10:55	SecWiki周报	SecWiki News 2021-03-20 Review 负载均衡下的 WebShell 连接 https://mp.weixin.qq.com/s/4Bmz_fuu0yrLMK1oBKKtRA 谈谈国外互联网公司的骨干网 https://mp.weixin.qq.com/s/jET_vZUtYS8kQD8H-5j5KA All Your DNS Records Point to Us https://mp.weixin.qq.com/s/7-4QBjp_TAX74bWidegXHA 商业银行零信任安全架构研究 https://mp.weixin.qq.com/s/vpXdOOKFlZDioXDQnn0GLg
2021-03-20 00:30:46	SecWiki周报	SecWiki News 2021-03-19 Review 如何在技术领域产生自己的影响力 https://mp.weixin.qq.com/s/Himw3mpv7fDy96bdJQA5xg 我在学习和实践图数据库 Neo4j 的漫漫成长路 https://vancir.github.io/the-journey-of-learning-neo4j.html
2021-03-19 00:09:35	SecWiki周报	SecWiki News 2021-03-18 Review 新型僵尸网络隐匿方式 https://mp.weixin.qq.com/s/OxLkZyvI2AASVrYUR4GPJg 如何高效的挖掘Java反序列化利用链？ https://www.anquanke.com/post/id/234537
2021-03-18 00:08:58	SecWiki周报	SecWiki News 2021-03-17 Review RapidDNS网站在SRC漏洞挖掘中的一个思路 https://mp.weixin.qq.com/s/bTA0DVfmPVArYXG5MHRAbg DuckMemoryScan: 内存免杀马检测 https://github.com/huoji120/DuckMemoryScan CVE-2019-2215复现过程记录 https://xz.aliyun.com/t/9273 C/C++源码扫描系列- codeql 篇 https://xz.aliyun.com/t/9275 一个网络安全从业者的专业搜索引擎 https://mp.weixin.qq.com/s/D8JhdhzY6cpShKX2J-t_rQ Apache Solr 组件安全概览 https://mp.weixin.qq.com/s/3WuWUGO61gM0dBpwqTfenQ 流行窃密类木马分析（下） https://mp.weixin.qq.com/s/R4sOXCP-_T3NGN5d7Ybl6Q
2021-03-17 00:08:20	SecWiki周报	SecWiki News 2021-03-16 Review
2021-03-16 00:07:47	SecWiki周报	SecWiki News 2021-03-15 Review 知识图谱技术如何赋能智能安全运营 https://mp.weixin.qq.com/s/qOuvPv8cm1S-jA-gqH1hZg 隐蔽信道：隐形网络 https://www.sec-in.com/article/57 SecWiki周刊（第367期) https://www.sec-wiki.com/weekly/367
2021-03-15 00:27:11	SecWiki周报	SecWiki News 2021-03-14 Review 最后防线：osquery功能与实现 https://mp.weixin.qq.com/s/PvnLnn1gDcl_X4fyocyPrA
2021-03-14 00:06:38	SecWiki周报	SecWiki News 2021-03-13 Review Shiro 反序列化漏洞利用工具编写思路 https://mp.weixin.qq.com/s/WDmj4-2lB-hlf_Fm_wDiOg 对蚁剑的相关改造及分析 https://www.anquanke.com/post/id/233114 如何攻击深度学习系统——后门攻防 https://www.anquanke.com/post/id/232414 IoT设备漏洞复现到固件后门植入 https://www.anquanke.com/post/id/232845 TIG 威胁情报收集 https://github.com/wgpsec/tig GoScan: 分布式综合资产管理系统 https://github.com/CTF-MissFeng/GoScan 监控github上新增的cve编号项目漏洞 https://github.com/yhy0/github-cve-monitor 网络测绘-立体呈现网络事件细节知多少？ https://mp.weixin.qq.com/s/LwWMfOMqSgArtv9jlfaPRw
2021-03-13 01:05:55	SecWiki周报	SecWiki News 2021-03-12 Review JavaScript反调试技巧 https://mp.weixin.qq.com/s/NMJd91AmuGEANz00sZELfw 资产管理的难点 https://mp.weixin.qq.com/s/DqtIzNdDvB7pYjXmoP1quQ Japan Security Analyst Conference 2021 -1st Track- https://blogs.jpcert.or.jp/en/2021/03/jsac2021report3.html Examining Exchange Exploitation and its Lessons for Defenders https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders
2021-03-12 00:05:30	SecWiki周报	SecWiki News 2021-03-11 Review Google内部开源组件的风险治理框架与工作流程窥探 https://zhuanlan.zhihu.com/p/356415256 通达 OA 11.7 组合拳 RCE 利用分析通达 OA 11.7 组合拳 RCE 利用分析
2021-03-11 00:24:59	SecWiki周报	SecWiki News 2021-03-10 Review 某oa java代码审计2 https://xz.aliyun.com/t/9226 某oa java代码审计1 https://xz.aliyun.com/t/9225 两道CSP题目绕过分析 https://xz.aliyun.com/t/9219 免杀/一句话木马(PHP) https://xz.aliyun.com/t/9246 D^3CTF-WriteUp https://mp.weixin.qq.com/s/oOf0RI6P2hEwtPXWP6yU4Q Data Science Testbed for Security Researchers https://www.azsecure-data.org/
2021-03-10 00:04:20	SecWiki周报	SecWiki News 2021-03-09 Review Signal 数据分析 https://mp.weixin.qq.com/s/AiHRwc0LBUyxkg0vcu12eg 漏洞威胁分析报告（上册）- 不同视角下的漏洞威胁 https://mp.weixin.qq.com/s/gIEPvwBE61axZfhBbB9aiw RapidDNS.IO 网站应用实例 https://mp.weixin.qq.com/s/ttbJY33W7Bmog_MgNZXc6Q 牛红红的日记（平平无奇拿下域控） https://www.sec-in.com/article/903 A Basic Timeline of the Exchange Mass-Hack https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
2021-03-09 00:03:36	SecWiki周报	SecWiki News 2021-03-08 Review Frida 入门 https://www.sec-in.com/article/799 SecWiki周刊（第366期) https://www.sec-wiki.com/weekly/366 从PR中学习如何修改 flashrom 读取国产 flash https://mp.weixin.qq.com/s/kifu_p4eOfy1kuSfLMrXMw
2021-03-08 00:02:53	SecWiki周报	SecWiki News 2021-03-07 Review 关于近期Microsoft Exchange多个高危漏洞——ProxyLogon https://mp.weixin.qq.com/s/cmgY6W_cGtGacfYgiac5qQ 2020年区块链安全态势感知报告 https://bc.cnvd.org.cn/notice_info?num=0c4088bbb6f7346000c3ac1ce13f0347 Firm-AFL：高效的IoT固件灰盒fuzz https://mp.weixin.qq.com/s/-s5GGA70vcHAVfyz1QeBtQ
2021-03-07 00:22:26	SecWiki周报	SecWiki News 2021-03-06 Review
2021-03-06 00:02:04	SecWiki周报	SecWiki News 2021-03-05 Review 游戏安全评审的技术进阶之路 https://mp.weixin.qq.com/s/ZIzjIZziM6inUNlr2CKBCg 外卖特征平台的建设与实践 https://mp.weixin.qq.com/s/YyRLJa9NomPvzTWJKaCesQ Mydoom病毒分析报告 https://mp.weixin.qq.com/s/8drGAZA0sbBFeJd9h8WPLw
2021-03-05 00:15:32	SecWiki周报	SecWiki News 2021-03-04 Review 以蓝军视角跟踪和分析CANVAS攻击框架泄露事件 https://mp.weixin.qq.com/s/eQ-KDMoirOwx-pFxUcNjtQ 流行窃密类木马分析（上） https://mp.weixin.qq.com/s/AI_mG-I3buqx1W4C2o24jg Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/ 智能化时代的代码缺陷检查探索 https://juejin.cn/post/6935413169271603208 趋势科技 2020 年度网络安全报告 https://mp.weixin.qq.com/s/6pnaFU5PfYGs4d0oLmRkJA
2021-03-04 00:14:09	SecWiki周报	SecWiki News 2021-03-03 Review sqlinjection-detect: C语言编写的基于语义分析的SQL注入检测库 https://github.com/peter-cui1221/sqlinjection-detect Node.js原型链污染的利用 https://www.freebuf.com/articles/web/264966.html PHP反序列化 — 字符逃逸 https://xz.aliyun.com/t/9213 SonicWall SSL-VPN 远程命令执行 https://www.sec-in.com/article/899
2021-03-03 00:16:18	SecWiki周报	SecWiki News 2021-03-02 Review 红蓝对抗中的云原生漏洞挖掘及利用实录 https://mp.weixin.qq.com/s/Aq8RrH34PTkmF8lKzdY38g PCAP-ATTACK: PCAP Samples for Different Post Exploitation Techniques https://github.com/sbousseaden/PCAP-ATTACK VMware vCenter RCE (CVE-2021-21972) 漏洞复现与 Exp 编写 https://mp.weixin.qq.com/s/2pvaQborwMM8UHnWS_CeXA IOT安全（二）——再探stm32 https://www.anquanke.com/post/id/231440
2021-03-02 00:19:03	SecWiki周报	SecWiki News 2021-03-01 Review 恶意软件分析工具集成环境 https://mp.weixin.qq.com/s/WMWQUWu8dt45iQsrcLfSxg 大白话解释拟态安全 https://mp.weixin.qq.com/s/UR0XbF02JJmo7RbNF1CYVw 浅谈如何有效落地DevSecOps https://mp.weixin.qq.com/s/5eX3-SCfvFfRitb9_onjvw SecWiki周刊（第365期) https://www.sec-wiki.com/weekly/365
2021-03-01 00:17:52	SecWiki周报	SecWiki News 2021-02-28 Review 内网渗透代理之frp的应用与改造（二） https://www.anquanke.com/post/id/231685 内网渗透代理之frp的应用与改造（一） https://www.anquanke.com/post/id/231424 Apache Axis1 与 Axis2 WebService 的漏洞利用总结 https://paper.seebug.org/1489/ CDN 2021 完全攻击指南（三） https://www.anquanke.com/post/id/231441
2021-02-28 00:17:24	SecWiki周报	SecWiki News 2021-02-27 Review 美国国家安全局发布零信任安全模型指南 https://mp.weixin.qq.com/s/UsClBKw4Fglcn8ludJtRKQ 从“产品模式”到“运营模式” https://mp.weixin.qq.com/s/mIbwVj3oVEnippj5YGkNTA
2021-02-27 00:16:44	SecWiki周报	SecWiki News 2021-02-26 Review 美军网络空间作战理论体系初探 https://mp.weixin.qq.com/s/Im-bacvc_1GGvLPtRspicw An Exploration of JSON Interoperability Vulnerabilities https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
2021-02-26 00:15:48	SecWiki周报	SecWiki News 2021-02-25 Review 业务安全的上岸体历 https://www.sec-in.com/article/890
2021-02-25 09:33:09	SecWiki周报	SecWiki News 2021-02-24 Review 基于数据的越权检测思路 https://www.freebuf.com/articles/web/252025.html 美国网络空间攻击特点与模式 https://mp.weixin.qq.com/s/gbyWEB6IbANJ-B2eRboYHg f8x: 红/蓝队环境自动化部署工具 https://github.com/ffffffff0x/f8x JAVA安全基础（二）-- 反射机制 https://xz.aliyun.com/t/9117 DA14531芯片固件逆向系列（2）- 操作系统底层机制分析 https://xz.aliyun.com/t/9186 红蓝对抗之邮件伪造 https://mp.weixin.qq.com/s/tOOBZ1aC6SsjslCM70WKBQ 钓鱼基础设施的应用分析 https://www.anquanke.com/post/id/231444 Angr源码阅读笔记01 https://www.anquanke.com/post/id/231460 如何隐蔽你的C2 https://www.anquanke.com/post/id/231448 恶意代码检测的本质性思考 https://zhuanlan.zhihu.com/p/352004681 A Cyber Threat Intelligence Self-Study Plan: Part 1 https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
2021-02-24 00:04:57	SecWiki周报	SecWiki News 2021-02-23 Review NDSS 2021 参会小记—2月22日论文报告 https://mp.weixin.qq.com/s/LI49ioKYMksguQMqKH1Rcw 漏洞管理的“新药” https://mp.weixin.qq.com/s/5Y-3r1KuJgCbNrWUGoKq0w CDN 2021 完全攻击指南（二） https://www.anquanke.com/post/id/231437 CDN 2021 完全攻击指南（一） https://www.anquanke.com/post/id/227818 菜菜鸡的初体验之内网渗透 https://xz.aliyun.com/t/9190
2021-02-23 00:04:05	SecWiki周报	SecWiki News 2021-02-22 Review 详解反弹shell多维检测技术 https://www.freebuf.com/articles/network/263684.html SecWiki周刊（第364期) https://www.sec-wiki.com/weekly/364
2021-02-22 00:14:19	SecWiki周报	SecWiki News 2021-02-21 Review 文本对抗综述（一） https://mp.weixin.qq.com/s/fYANjVp6CUOqri8mfA8vew
2021-02-21 10:54:07	SecWiki周报	SecWiki News 2021-02-20 Review 利用angr符号执行去除虚假控制流 https://mp.weixin.qq.com/s/d8xoR3VdMf6lMfnETaQHZw 网络空间搜索引擎研究 https://mp.weixin.qq.com/s/ZIa1myq4xoBlAHvdR0ipTw Nuclei: 基于Go语言开发的开源安全漏洞扫描工具使用初探 https://mp.weixin.qq.com/s/C_-FRZMqF4ifzlx-ij4iIQ 软件安全能力成熟度评估实践 https://mp.weixin.qq.com/s/_s5m8WxlwnoI4-Ea8SJfCA XStream RCE Analysis https://lightless.me/archives/xstream-rce-analysis.html
2021-02-20 00:03:25	SecWiki周报	SecWiki News 2021-02-19 Review Browser Tracking Using Favicons https://www.schneier.com/blog/archives/2021/02/browser-tracking-using-favicons.html 物联网开源组件安全Node-RED白盒审计 https://security.tencent.com/index.php/blog/msg/181 记一场纯JS赛——DiceCTF2021 Web题解 https://www.anquanke.com/post/id/231421 魔罗桫组织最新样本分析学习 https://www.anquanke.com/post/id/231409 一次内网挖矿病毒的应急响应 https://xz.aliyun.com/t/9180 BlackHat2020 议题「When TLS Hacks You」复现 https://xz.aliyun.com/t/9177
2021-02-19 00:16:16	SecWiki周报	SecWiki News 2021-02-18 Review 甲方安全体系建设历程的思考 https://mp.weixin.qq.com/s/YTNWqXkcqTbjhdcIGpxE6w 苹果隐私十年史：变与不变（5）演变与结尾 https://mp.weixin.qq.com/s/KyPoe9_ZxmZ-vDwTsqYD0g 苹果隐私十年史：变与不变（4）体验与卖点 https://mp.weixin.qq.com/s/xTSuADi85josUEA3DTNrRw 苹果隐私十年史：变与不变（3）产品与常识 https://mp.weixin.qq.com/s/8-xZqAbgRCWcOSyY5x-OvA 苹果隐私十年史：变与不变（2）营销与产品 https://mp.weixin.qq.com/s/OgbdJTnIekWl07yzHuCFDg 苹果隐私十年史：变与不变（1）突变与营销 https://mp.weixin.qq.com/s/qqQ1BgFshie288wZEWGaEw 浅析Course of Action应对措施 https://mp.weixin.qq.com/s/ikHga0fGa0euwGYohv534g
2021-02-18 00:15:13	SecWiki周报	SecWiki News 2021-02-17 Review 做信息安全BP的一些感悟 https://mp.weixin.qq.com/s/qygwMIGX3PhbnKuPwQqfUQ