SecWiki News 2019-02-15 Review

APT detection based on machine learning by ourren

Enterprise security operations architecture based on general-purpose technologies by ourren

Things that have to be said about Moloch by ourren

Analysis of a banking trojan's malicious LNK shortcut and a PowerShell dropper obfuscated with ISESteroids by mimblewimble

BlueHat IL 2019 slides: Trends, challenges, and strategic shifts in software vulnerability mitigation by mimblewimble

Disclosure of a remote code execution vulnerability in the Acrobat Reader DC text field "comb" property (CVE-2019-7039) by mimblewimble

[SSRF] Server Side Request Forgery in a private Program by mimblewimble

The UIAccess attribute of Windows access tokens and methods for bypassing UAC by mimblewimble

How to Use Fuzzing in Security Research by mimblewimble

Linux kernel exploit development tutorial by mimblewimble

Tide (潮汐) cyberspace probing platform: sharing search approaches by secplus


SecWiki News 2019-02-14 Review

将军令: Data security platform construction in practice by ourren

Tenda n301 router firmware analysis by ourren

Learning the Linux kernel from scratch: ROP exploitation of an Android kernel stack overflow by ourren

Reverse RDP attack: code execution on RDP clients by ourren

HackIM 2019 Web notes by ourren

IoT device penetration testing methods as I understand them (hardware part) by ourren

Notes on decrypting a WeChat database by ourren

Angr AEG: automatic exploit generation for heap overflows by ourren

Reverse Engineering a Philips TriMedia CPU based IP camera - Part 2 by ourren

Using Google Translate to phish Facebook and Google users by BaCde

How to extract data through injection without knowing the MySQL column names? by BaCde

An account of winning the Byte Cup 2018 international machine learning competition by ourren

CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host by ourren


XuanwuLab Security Daily News Push – 2019-02-14


Tencent Xuanwu Lab Security Daily News

SecWiki News 2019-02-13 Review

BattlEye anticheat: analysis and mitigation by ourren

DNSGrep: ultra-fast DNS record lookup by BaCde

Email phishing attacks and source tracing by hx

Details disclosed for two YouTube Studio vulnerabilities by mimblewimble

Ubuntu Linux dirty_sock local privilege escalation exploit by mimblewimble

Exploit kits: winter 2019 review by ourren

Data security from the perspective of a production security system by ourren

Research progress in personalized recommendation (explainability, robustness, and fairness) by ourren