当前节点:secwiki
时间节点
2021-04-14 00:00:21SecWiki周报
SmartyPHP沙箱逃逸分析 https://www.anquanke.com/post/id/235505
Spring Boot Fat Jar 写文件漏洞到稳定 RCE 的探索 https://landgrey.me/blog/22/
主流WebShell工具流量层分析 https://xz.aliyun.com/t/9404
MindAPI: Bringing order to API hacking chaos https://github.com/dsopas/MindAPI
微信小程序反编译 https://www.sec-in.com/article/1012
从BCTF人机对抗视角浅谈自动化攻防技术发展 https://mp.weixin.qq.com/s/5wR37FLoTPn3fftxZw_Brw
2021-04-13 00:11:38SecWiki周报
InScan: 边界打点后的自动化渗透工具 https://github.com/inbug-team/InScan/
HackMyVM:CROSSROADS:1 https://www.sec-in.com/article/1009
SecWiki周刊(第371期) https://www.sec-wiki.com/weekly/371
安全学术圈2020年度总结 https://mp.weixin.qq.com/s/Tn_nNer_xdDbWmComqV8uw
2021-04-12 00:10:55SecWiki周报
红队攻击前隐匿流量的基本方法 https://mp.weixin.qq.com/s/eoui4xAuUF5X2H3jWq43tQ
NLP知识简单总结及NLP论文撰写之道 https://mp.weixin.qq.com/s/Ioov6PCm8o6cRq0W9sykQw
深度分析:主流网络侦察技术与应对策略 https://mp.weixin.qq.com/s/Aaxu4C_Lf3I-bdPIXi8tIw
深度揭密高通4/5G移动基带消息系统和状态机 https://github.com/vessial/baseband/blob/master/Qualcomm_BaseBand_Messaging_and_State_Machine.md
浅析 AWS S3 子域名接管漏洞 https://mp.weixin.qq.com/s/q3bsrCKacuepKoFljYxJcg
2021-04-11 00:10:05SecWiki周报
基于javaAgent内存马检测查杀指南 https://mp.weixin.qq.com/s/Whta6akjaZamc3nOY1Tvxg
一次嵌入式固件逆向实践 https://mp.weixin.qq.com/s/-eUweGQi633D2W1Vs_bIFg
Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel http://blog.ptsecurity.com/2021/04/four-bytes-of-power-exploiting-cve-2021.html
深度分析:4种国产CPU架构和6大品牌 https://mp.weixin.qq.com/s/FoAPSNW0LFKuerEPJfFmgw
白盒代码审计系统建设实践2:深入理解SAST https://mp.weixin.qq.com/s/jQfsUg4vhEs3XwTcXkqhyQ
2021-04-10 00:10:30SecWiki周报
开始使用 Go https://docs.microsoft.com/zh-cn/learn/paths/go-first-steps/
Pwn2Own 2021全程(附结果和录像视频) https://mp.weixin.qq.com/s/blwGELCaPKC1HTczBcWkfQ
从CTF比赛真题中学习压缩包伪加密与图片隐写术 https://www.sec-in.com/article/1002
游戏业务DDoS攻防对抗案例分享 https://security.tencent.com/index.php/blog/msg/186
IDA Pro 分析 dyld_shared_cache https://mp.weixin.qq.com/s/PGC7LKu-oC5ZaRxLFrhTsg
记一次完整的内网渗透经历 https://xz.aliyun.com/t/9374
2021-04-09 00:08:45SecWiki周报
动态定时任务业务中的RCE https://www.sec-in.com/article/1001
S&P 2021 论文录用列表 https://mp.weixin.qq.com/s/8GUnjS_T1H7gqSVPInFObg
2021-04-08 00:06:18SecWiki周报
HIDS-Agent开发之检测反弹shell https://www.anquanke.com/post/id/235717
IDA 辅助工具Karta——二进制文件中搜索开源代码 https://www.anquanke.com/post/id/235632
ELK在渗透测试中的利用与安全配置解析 https://xz.aliyun.com/t/9370
内网渗透--对不出网目标的打法 https://xz.aliyun.com/t/9372
某VPN客户端远程下载文件执行挖掘 https://mp.weixin.qq.com/s/XbsxziIFKx8VhGd-pv0Ghg
Shiro-550反序列化漏洞分析 https://www.sec-in.com/article/999
2021-04-07 00:03:48SecWiki周报
俄罗斯网络空间攻击特点与模式 https://mp.weixin.qq.com/s/oMy1EDOYPT82ec5QEdiIVA
Dragos《2020年度工控网络安全回顾》 https://mp.weixin.qq.com/s/ceASNJrgKkqgzlCnxNps7Q
驱动病毒那些事(完结)----劫持 https://www.sec-in.com/article/997
As-Exploits-部分后渗透模块 https://mp.weixin.qq.com/s/8G0il9gIkubI1w15gOBX6A
2021-04-06 00:02:05SecWiki周报
GAN的前世今生 https://mp.weixin.qq.com/s/CGngRxjVtOKHNsTrXBiD7w
硬件安全技术研究 https://mp.weixin.qq.com/s/YuYmMryfgFi0XqD96WelHg
SecWiki周刊(第370期) https://www.sec-wiki.com/weekly/370
2021-04-05 00:00:49SecWiki周报
Git-RCE:CVE-2021-21300 https://mp.weixin.qq.com/s/VO2dHNVbPcpZQtnBRMNNag
2021-04-04 00:19:35SecWiki周报
CVE-2016-0165 Win32k漏洞分析笔记 https://xz.aliyun.com/t/9348
DGA域名检测的工程实践 https://mp.weixin.qq.com/s/GlWqTWQzBfoXt8J8uJAPRQ
安全是一门语言的艺术:威胁调查分析语言概述 https://mp.weixin.qq.com/s/U8E4JxMDeL5IeVGAh9fuiQ
对美军新近发展作战理念的梳理与思考 https://mp.weixin.qq.com/s/D8T6ImssRi8sjDqD4_bGpg
网络空间资产测绘(CAM)能力指南 https://mp.weixin.qq.com/s/p3LwmZq7nrGOy5qy7p9SDQ
2021-04-03 00:12:18SecWiki周报
国内伪基站垃圾短信生态系统研究 https://mp.weixin.qq.com/s/te4igYM_PHbf2xedXdmQxw
驱动病毒那些事(三)----APC注入 https://www.sec-in.com/article/994
2021-04-02 00:06:18SecWiki周报
驱动病毒那些事(二)----回调 https://www.sec-in.com/article/992
基于关键词的大型红蓝对抗经验分享 https://mp.weixin.qq.com/s/8boR_ZucLk5nMJwfi2UdGA
基于污点调用链的代码审计开源工具 https://mp.weixin.qq.com/s/iSHmK4Fbl0whDvIH-u8tag
鸠占鹊巢: Furucombo 攻击事件分析 https://mp.weixin.qq.com/s/jDQhFNEeIMT_cdjHkggYjw
2021-04-01 00:02:52SecWiki周报
国际视野看工控靶场的融合与创新 https://mp.weixin.qq.com/s/PToOOhcCKe6bjQvrdYBXYg
符号执行Symcc与模糊测试AFL结合实践 https://mp.weixin.qq.com/s/_qj40FMl7UwDswJ89z5uiA
驱动病毒那些事(一)----基础 https://www.sec-in.com/article/989
2021-03-31 00:00:46SecWiki周报
SecWiki周刊(第369期) https://www.sec-wiki.com/weekly/369
2021-03-30 00:19:48SecWiki周报
病毒分析之伪装eset升级程序 https://www.sec-in.com/article/960
2021-03-29 00:18:04SecWiki周报
2021-03-28 00:16:24SecWiki周报
2021-03-27 00:35:28SecWiki周报
剑指钓鱼基建自动化的想法 https://mp.weixin.qq.com/s/5ofJ6J1KVQIvVB3dZdIVng
浅析软件供应链攻击之包抢注低成本钓鱼 https://mp.weixin.qq.com/s/JWSjKZWyuSvXdzYhU0INmQ
Kscan:轻量级的资产发现工具 https://github.com/lcvvvv/kscan
国内网络安全信息与事件管理类产品研究与测试报告(2021年) http://www.caict.ac.cn/kxyj/qwfb/ztbg/202103/P020210324512102846900.pdf
中国网络安全行业全景图(2021年3月第八版) https://mp.weixin.qq.com/s/Z3rIpxl9ZOVuZzTABAojvg
A Year in the Life of a Compiler Fuzzing Campaign https://blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/
一些网络空间搜索引擎相关的资料 https://github.com/EXHades/CyberSpaceSearchEngine-Research
一些webshell免杀的技巧 https://xz.aliyun.com/t/9290
蓝队溯源与反制 https://xz.aliyun.com/t/9316
记一次跌宕起伏的白盒审计到RCE https://xz.aliyun.com/t/9319
MSSQL 数据库攻击实战指北—防守方攻略 https://mp.weixin.qq.com/s/uENvpPan7aVd7MbSoAT9Dg
TinyInst动态插桩工具原理分析 https://www.anquanke.com/post/id/234925
Java反序列化漏洞浅析 https://www.anquanke.com/post/id/235511
qemu逃逸学习 https://www.anquanke.com/post/id/235191
一次金融行业的红蓝对抗总结 https://www.sec-in.com/article/969
2021-03-26 00:14:18SecWiki周报
H2C Smuggling in the Wild https://blog.assetnote.io/2021/03/18/h2c-smuggling/
Hidden OAuth attack vectors https://portswigger.net/research/hidden-oauth-attack-vectors
网络空间测绘核心技术之:协议识别(DCERPC篇) https://mp.weixin.qq.com/s/jsOyxiDBnvi4PiqdgA3dvw
2021-03-25 00:14:08SecWiki周报
硬核黑客笔记 - 怒吼吧电磁波 (上) https://mp.weixin.qq.com/s/SUjjKY_TIj10rpQW9tkH9A
利用字符集编码绕过waf的burp插件 https://github.com/GuoKerS/Charset_encoding-Burp
Driftingblues3靶机渗透 https://www.sec-in.com/article/967
2021-03-24 00:13:06SecWiki周报
模型可解释性在保险理赔反欺诈中的实践 https://mp.weixin.qq.com/s/7Qa4PZCXARqEK-iphVPTjA
2020年联网智能设备安全态势报告 https://mp.weixin.qq.com/s/GdSgHNTLjysqow4ka8tY7w
实践之后,我们来谈谈如何做好威胁建模 https://mp.weixin.qq.com/s/kNfTBoeFu90QPvYbPcR_OQ
RemRAT潜伏在中东多年的Android间谍软件 https://mp.weixin.qq.com/s/RhM2qUxDWTyykCbSW6e8SQ
2021-03-23 00:12:19SecWiki周报
使用 AWS Lambda 隐藏 C&C 流量 https://mp.weixin.qq.com/s/F6QcVgSyXz3wwJlRDd8TVQ
我是如何低成本建立RapidDNS.io网站的 https://mp.weixin.qq.com/s/IwpflmaxVar3Vk5AqBmdAA
HFish初版审计学习 https://www.sec-in.com/article/949
浅谈风控的架构 https://mp.weixin.qq.com/s/GAeau8TJEWZtrv5CHlSHNQ
SecWiki周刊(第368期) https://www.sec-wiki.com/weekly/368
2021-03-22 00:11:55SecWiki周报
实战预演——Redis基于主从复制的RCE https://www.anquanke.com/post/id/234770
C/C++源码扫描系列- Fortify 篇 https://xz.aliyun.com/t/9276
自主搭建的三层网络域渗透靶场打靶记录 https://xz.aliyun.com/t/9281
C/C++源码扫描系列- Joern 篇 https://xz.aliyun.com/t/9277
2021-03-21 00:10:55SecWiki周报
负载均衡下的 WebShell 连接 https://mp.weixin.qq.com/s/4Bmz_fuu0yrLMK1oBKKtRA
谈谈国外互联网公司的骨干网 https://mp.weixin.qq.com/s/jET_vZUtYS8kQD8H-5j5KA
All Your DNS Records Point to Us https://mp.weixin.qq.com/s/7-4QBjp_TAX74bWidegXHA
商业银行零信任安全架构研究 https://mp.weixin.qq.com/s/vpXdOOKFlZDioXDQnn0GLg
2021-03-20 00:30:46SecWiki周报
如何在技术领域产生自己的影响力 https://mp.weixin.qq.com/s/Himw3mpv7fDy96bdJQA5xg
我在学习和实践图数据库 Neo4j 的漫漫成长路 https://vancir.github.io/the-journey-of-learning-neo4j.html
2021-03-19 00:09:35SecWiki周报
新型僵尸网络隐匿方式 https://mp.weixin.qq.com/s/OxLkZyvI2AASVrYUR4GPJg
如何高效的挖掘Java反序列化利用链? https://www.anquanke.com/post/id/234537
2021-03-18 00:08:58SecWiki周报
RapidDNS网站在SRC漏洞挖掘中的一个思路 https://mp.weixin.qq.com/s/bTA0DVfmPVArYXG5MHRAbg
DuckMemoryScan: 内存免杀马检测 https://github.com/huoji120/DuckMemoryScan
CVE-2019-2215复现过程记录 https://xz.aliyun.com/t/9273
C/C++源码扫描系列- codeql 篇 https://xz.aliyun.com/t/9275
一个网络安全从业者的专业搜索引擎 https://mp.weixin.qq.com/s/D8JhdhzY6cpShKX2J-t_rQ
Apache Solr 组件安全概览 https://mp.weixin.qq.com/s/3WuWUGO61gM0dBpwqTfenQ
流行窃密类木马分析(下) https://mp.weixin.qq.com/s/R4sOXCP-_T3NGN5d7Ybl6Q
2021-03-17 00:08:20SecWiki周报
2021-03-16 00:07:47SecWiki周报
知识图谱技术如何赋能智能安全运营 https://mp.weixin.qq.com/s/qOuvPv8cm1S-jA-gqH1hZg
隐蔽信道:隐形网络 https://www.sec-in.com/article/57
SecWiki周刊(第367期) https://www.sec-wiki.com/weekly/367
2021-03-15 00:27:11SecWiki周报
最后防线:osquery功能与实现 https://mp.weixin.qq.com/s/PvnLnn1gDcl_X4fyocyPrA
2021-03-14 00:06:38SecWiki周报
Shiro 反序列化漏洞利用工具编写思路 https://mp.weixin.qq.com/s/WDmj4-2lB-hlf_Fm_wDiOg
对蚁剑的相关改造及分析 https://www.anquanke.com/post/id/233114
如何攻击深度学习系统——后门攻防 https://www.anquanke.com/post/id/232414
IoT设备漏洞复现到固件后门植入 https://www.anquanke.com/post/id/232845
TIG 威胁情报收集 https://github.com/wgpsec/tig
GoScan: 分布式综合资产管理系统 https://github.com/CTF-MissFeng/GoScan
监控github上新增的cve编号项目漏洞 https://github.com/yhy0/github-cve-monitor
网络测绘-立体呈现网络事件细节知多少? https://mp.weixin.qq.com/s/LwWMfOMqSgArtv9jlfaPRw
2021-03-13 01:05:55SecWiki周报
JavaScript反调试技巧 https://mp.weixin.qq.com/s/NMJd91AmuGEANz00sZELfw
资产管理的难点 https://mp.weixin.qq.com/s/DqtIzNdDvB7pYjXmoP1quQ
Japan Security Analyst Conference 2021 -1st Track- https://blogs.jpcert.or.jp/en/2021/03/jsac2021report3.html
Examining Exchange Exploitation and its Lessons for Defenders https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders
2021-03-12 00:05:30SecWiki周报
Google内部开源组件的风险治理框架与工作流程窥探 https://zhuanlan.zhihu.com/p/356415256
通达 OA 11.7 组合拳 RCE 利用分析 通达 OA 11.7 组合拳 RCE 利用分析
2021-03-11 00:24:59SecWiki周报
某oa java代码审计2 https://xz.aliyun.com/t/9226
某oa java代码审计1 https://xz.aliyun.com/t/9225
两道CSP题目绕过分析 https://xz.aliyun.com/t/9219
免杀/一句话木马(PHP) https://xz.aliyun.com/t/9246
D^3CTF-WriteUp https://mp.weixin.qq.com/s/oOf0RI6P2hEwtPXWP6yU4Q
Data Science Testbed for Security Researchers https://www.azsecure-data.org/
2021-03-10 00:04:20SecWiki周报
Signal 数据分析 https://mp.weixin.qq.com/s/AiHRwc0LBUyxkg0vcu12eg
漏洞威胁分析报告(上册)- 不同视角下的漏洞威胁 https://mp.weixin.qq.com/s/gIEPvwBE61axZfhBbB9aiw
RapidDNS.IO 网站应用实例 https://mp.weixin.qq.com/s/ttbJY33W7Bmog_MgNZXc6Q
牛红红的日记(平平无奇拿下域控) https://www.sec-in.com/article/903
A Basic Timeline of the Exchange Mass-Hack https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
2021-03-09 00:03:36SecWiki周报
Frida 入门 https://www.sec-in.com/article/799
SecWiki周刊(第366期) https://www.sec-wiki.com/weekly/366
从PR中学习如何修改 flashrom 读取国产 flash https://mp.weixin.qq.com/s/kifu_p4eOfy1kuSfLMrXMw
2021-03-08 00:02:53SecWiki周报
关于近期Microsoft Exchange多个高危漏洞——ProxyLogon https://mp.weixin.qq.com/s/cmgY6W_cGtGacfYgiac5qQ
2020年区块链安全态势感知报告 https://bc.cnvd.org.cn/notice_info?num=0c4088bbb6f7346000c3ac1ce13f0347
Firm-AFL:高效的IoT固件灰盒fuzz https://mp.weixin.qq.com/s/-s5GGA70vcHAVfyz1QeBtQ
2021-03-07 00:22:26SecWiki周报
2021-03-06 00:02:04SecWiki周报
游戏安全评审的技术进阶之路 https://mp.weixin.qq.com/s/ZIzjIZziM6inUNlr2CKBCg
外卖特征平台的建设与实践 https://mp.weixin.qq.com/s/YyRLJa9NomPvzTWJKaCesQ
Mydoom病毒分析报告 https://mp.weixin.qq.com/s/8drGAZA0sbBFeJd9h8WPLw
2021-03-05 00:15:32SecWiki周报
以蓝军视角跟踪和分析CANVAS攻击框架泄露事件 https://mp.weixin.qq.com/s/eQ-KDMoirOwx-pFxUcNjtQ
流行窃密类木马分析(上) https://mp.weixin.qq.com/s/AI_mG-I3buqx1W4C2o24jg
Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/
智能化时代的代码缺陷检查探索 https://juejin.cn/post/6935413169271603208
趋势科技 2020 年度网络安全报告 https://mp.weixin.qq.com/s/6pnaFU5PfYGs4d0oLmRkJA
2021-03-04 00:14:09SecWiki周报
sqlinjection-detect: C语言编写的基于语义分析的SQL注入检测库 https://github.com/peter-cui1221/sqlinjection-detect
Node.js原型链污染的利用 https://www.freebuf.com/articles/web/264966.html
PHP反序列化 — 字符逃逸 https://xz.aliyun.com/t/9213
SonicWall SSL-VPN 远程命令执行 https://www.sec-in.com/article/899
2021-03-03 00:16:18SecWiki周报
红蓝对抗中的云原生漏洞挖掘及利用实录 https://mp.weixin.qq.com/s/Aq8RrH34PTkmF8lKzdY38g
PCAP-ATTACK: PCAP Samples for Different Post Exploitation Techniques https://github.com/sbousseaden/PCAP-ATTACK
VMware vCenter RCE (CVE-2021-21972) 漏洞复现与 Exp 编写 https://mp.weixin.qq.com/s/2pvaQborwMM8UHnWS_CeXA
IOT安全(二)——再探stm32 https://www.anquanke.com/post/id/231440
2021-03-02 00:19:03SecWiki周报
恶意软件分析工具集成环境 https://mp.weixin.qq.com/s/WMWQUWu8dt45iQsrcLfSxg
大白话解释拟态安全 https://mp.weixin.qq.com/s/UR0XbF02JJmo7RbNF1CYVw
浅谈如何有效落地DevSecOps https://mp.weixin.qq.com/s/5eX3-SCfvFfRitb9_onjvw
SecWiki周刊(第365期) https://www.sec-wiki.com/weekly/365
2021-03-01 00:17:52SecWiki周报
内网渗透代理之frp的应用与改造(二) https://www.anquanke.com/post/id/231685
内网渗透代理之frp的应用与改造(一) https://www.anquanke.com/post/id/231424
Apache Axis1 与 Axis2 WebService 的漏洞利用总结 https://paper.seebug.org/1489/
CDN 2021 完全攻击指南 (三) https://www.anquanke.com/post/id/231441
2021-02-28 00:17:24SecWiki周报
美国国家安全局发布零信任安全模型指南 https://mp.weixin.qq.com/s/UsClBKw4Fglcn8ludJtRKQ
从“产品模式”到“运营模式” https://mp.weixin.qq.com/s/mIbwVj3oVEnippj5YGkNTA
2021-02-27 00:16:44SecWiki周报
美军网络空间作战理论体系初探 https://mp.weixin.qq.com/s/Im-bacvc_1GGvLPtRspicw
An Exploration of JSON Interoperability Vulnerabilities https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
2021-02-26 00:15:48SecWiki周报
业务安全的上岸体历 https://www.sec-in.com/article/890
2021-02-25 09:33:09SecWiki周报
基于数据的越权检测思路 https://www.freebuf.com/articles/web/252025.html
美国网络空间攻击特点与模式 https://mp.weixin.qq.com/s/gbyWEB6IbANJ-B2eRboYHg
f8x: 红/蓝队环境自动化部署工具 https://github.com/ffffffff0x/f8x
JAVA安全基础(二)-- 反射机制 https://xz.aliyun.com/t/9117
DA14531芯片固件逆向系列(2)- 操作系统底层机制分析 https://xz.aliyun.com/t/9186
红蓝对抗之邮件伪造 https://mp.weixin.qq.com/s/tOOBZ1aC6SsjslCM70WKBQ
钓鱼基础设施的应用分析 https://www.anquanke.com/post/id/231444
Angr源码阅读笔记01 https://www.anquanke.com/post/id/231460
如何隐蔽你的C2 https://www.anquanke.com/post/id/231448
恶意代码检测的本质性思考 https://zhuanlan.zhihu.com/p/352004681
A Cyber Threat Intelligence Self-Study Plan: Part 1 https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
2021-02-24 00:04:57SecWiki周报
NDSS 2021 参会小记—2月22日论文报告 https://mp.weixin.qq.com/s/LI49ioKYMksguQMqKH1Rcw
漏洞管理的“新药” https://mp.weixin.qq.com/s/5Y-3r1KuJgCbNrWUGoKq0w
CDN 2021 完全攻击指南 (二) https://www.anquanke.com/post/id/231437
CDN 2021 完全攻击指南 (一) https://www.anquanke.com/post/id/227818
菜菜鸡的初体验之内网渗透 https://xz.aliyun.com/t/9190
2021-02-23 00:04:05SecWiki周报
详解反弹shell多维检测技术 https://www.freebuf.com/articles/network/263684.html
SecWiki周刊(第364期) https://www.sec-wiki.com/weekly/364
2021-02-22 00:14:19SecWiki周报
文本对抗综述(一) https://mp.weixin.qq.com/s/fYANjVp6CUOqri8mfA8vew
2021-02-21 10:54:07SecWiki周报
利用angr符号执行去除虚假控制流 https://mp.weixin.qq.com/s/d8xoR3VdMf6lMfnETaQHZw
网络空间搜索引擎研究 https://mp.weixin.qq.com/s/ZIa1myq4xoBlAHvdR0ipTw
Nuclei: 基于Go语言开发的开源安全漏洞扫描工具使用初探 https://mp.weixin.qq.com/s/C_-FRZMqF4ifzlx-ij4iIQ
软件安全能力成熟度评估实践 https://mp.weixin.qq.com/s/_s5m8WxlwnoI4-Ea8SJfCA
XStream RCE Analysis https://lightless.me/archives/xstream-rce-analysis.html
2021-02-20 00:03:25SecWiki周报
Browser Tracking Using Favicons https://www.schneier.com/blog/archives/2021/02/browser-tracking-using-favicons.html
物联网开源组件安全Node-RED白盒审计 https://security.tencent.com/index.php/blog/msg/181
记一场纯JS赛——DiceCTF2021 Web题解 https://www.anquanke.com/post/id/231421
魔罗桫组织最新样本分析学习 https://www.anquanke.com/post/id/231409
一次内网挖矿病毒的应急响应 https://xz.aliyun.com/t/9180
BlackHat2020 议题 「When TLS Hacks You」 复现 https://xz.aliyun.com/t/9177
2021-02-19 00:16:16SecWiki周报
甲方安全体系建设历程的思考 https://mp.weixin.qq.com/s/YTNWqXkcqTbjhdcIGpxE6w
苹果隐私十年史:变与不变(5)演变与结尾 https://mp.weixin.qq.com/s/KyPoe9_ZxmZ-vDwTsqYD0g
苹果隐私十年史:变与不变(4)体验与卖点 https://mp.weixin.qq.com/s/xTSuADi85josUEA3DTNrRw
苹果隐私十年史:变与不变(3)产品与常识 https://mp.weixin.qq.com/s/8-xZqAbgRCWcOSyY5x-OvA
苹果隐私十年史:变与不变(2)营销与产品 https://mp.weixin.qq.com/s/OgbdJTnIekWl07yzHuCFDg
苹果隐私十年史:变与不变(1)突变与营销 https://mp.weixin.qq.com/s/qqQ1BgFshie288wZEWGaEw
浅析Course of Action应对措施 https://mp.weixin.qq.com/s/ikHga0fGa0euwGYohv534g
2021-02-18 00:15:13SecWiki周报
做信息安全BP的一些感悟 https://mp.weixin.qq.com/s/qygwMIGX3PhbnKuPwQqfUQ