SecWiki周刊(第186期)
2017/09/18-2017/09/24
安全资讯
[Web安全]  Wordpress 最新安全更新,可能潜在的SQL注入问题
https://nosec.org/my/threats/1567
[恶意分析]  安装量20亿的安全软件CCleaner存在后门,可能有230万用户受影响
https://nosec.org/my/threats/1564
[漏洞分析]  恶意软件 aIR-Jumper 利用具有红外功能的摄像机来窃取数据
https://nosec.org/my/threats/1566
[新闻]  SS7协议存严重漏洞,可劫持用户短信验证码
http://www.4hou.com/info/news/7724.html
[事件]  AWS S3成数据泄露重灾区!这次是全球第六大传媒公司Viacom
http://mp.weixin.qq.com/s/Ejz5ED5ev-IrzuRKmBQGgA
[文档]  中国信通院:网络安全产业白皮书(2017年)
https://mp.weixin.qq.com/s/FSFeXPe25SyzAwkGRCwBPA
[观点]  Tor的替代品:Loopix匿名网络系统
http://mp.weixin.qq.com/s/h-Yj3_lDToJffdd2LYQyHQ
[新闻]  攻击者利用WordPress、Joomla和JBoss服务器“挖矿”
http://mp.weixin.qq.com/s/XJESrqyRAl6t0bOeiWmCLA
[设备安全]  HVACKer:入侵隔离网络的新型攻击技术
http://mp.weixin.qq.com/s/CIby4-oELdD7oGHew0b0AQ
[Web安全]  百度安全WAF靶场演练正式开赛!
https://bbs.ichunqiu.com/thread-27287-1-1.html
[法规]  中国境内网络安全法律、规范、标准、条文、政策
http://www.bincker.net/?p=699
[法规]  全国各省市等级保护测评机构名录大全
https://mp.weixin.qq.com/s/8p70LnCsSGNaqr50PNrvMw
[新闻]  维基解密曝光俄罗斯版棱镜计划:SORM
https://mp.weixin.qq.com/s/hmREh_PM5LoJL2e9BeZHEA
[新闻]  揭秘NSA内部文件背后的故事
http://www.freebuf.com/articles/others-articles/148161.html
[观点]  看美股之Palo Alto Networks
https://mp.weixin.qq.com/s/P06-ku3oe5GS9H0ITL3xoA
安全技术
[文档]  网络安全中机器学习大合集
https://github.com/jivoi/awesome-ml-for-cybersecurity/blob/master/README_ch.md
[Web安全]  渗透笔记:如何通过SQL注入漏洞拿到系统的管理员权限
https://xianzhi.aliyun.com/forum/read/2147.html
[Web安全]  Python沙箱逃逸的n种姿势
https://xianzhi.aliyun.com/forum/read/2138.html
[漏洞分析]  Apache Tomcat RCE(CVE-2017-12615 )漏洞测试
http://www.4hou.com/vulnerable/7743.html
[Web安全]  CVE-2017-12615 漏洞复现
https://xianzhi.aliyun.com/forum/read/2136.html
[Web安全]  从后台弱口令到内网漫游 
https://bbs.ichunqiu.com/thread-27270-1-1.html?from=sec
[Web安全]  基于Docker容器搭建Java靶机bodgeit
https://zhuanlan.zhihu.com/p/29395782
[设备安全]  打印机有多少不安全的点?
http://www.4hou.com/penetration/7773.html
[Web安全]  入侵检测学习 Snort [ 一]
https://klionsec.github.io/2017/09/22/snortpentest/
[运维安全]  SynFlood攻击原理测试与防御
http://mp.weixin.qq.com/s/jT4yxnpfFJ8QWGQECIvgHw
[Web安全]  给新手整理的中间件漏洞
http://www.bugku.com/thread-97-1-1.html
[Web安全]  Tomcat漏洞CVE-2017-12615与CVE-2017-12616分析
https://zhuanlan.zhihu.com/p/29620375
[其它]  通过CISSP考试后的经验分享
https://secvul.com/topics/804.html
[工具]  Metasploit初级课程
http://www.secer.com.cn/course/44
[工具]  Awesome-Platforms
https://github.com/We5ter/Awesome-Platforms
[Web安全]  UEditor储存型xss漏洞
http://www.yuag.org/2017/09/19/ueditor%E5%82%A8%E5%AD%98%E5%9E%8Bxss%E6%BC%8F%E6%B4%9E/
[Web安全]  定制轻量高效的 WAF Naxsi [一]
https://klionsec.github.io/2017/09/18/naxsiwaf/
[恶意分析]  Cobalt Strike over external C2 – beacon home in the most obscure ways
https://outflank.nl/blog/2017/09/17/blogpost-cobalt-strike-over-external-c2-beacon-home-in-the-most-obscure-ways/
[运维安全]  使用轻量级工具Sysmon监视你的系统
http://www.freebuf.com/sectool/122779.html
[数据挖掘]  Time-NLP: 中文语句中的时间语义识别
https://github.com/shinyke/Time-NLP
[Web安全]  Python PyYAML反序列化漏洞实验和Payload构造
http://www.polaris-lab.com/index.php/archives/375/
[Web安全]  aspx代码审计-2
https://bbs.ichunqiu.com/thread-26714-1-1.html?from=sec
[比赛]  WHCTF 2017 Web Write-up
http://momomoxiaoxi.com/2017/09/18/WHCTF/
[移动安全]  Android Studio源码扫描工具:Code Arbiter
http://www.freebuf.com/sectool/147843.html
[Web安全]  domato: DOM fuzzer
https://github.com/google/domato
[取证分析]  某门罗币挖矿木马分析及溯源
https://green-m.github.io/2017/09/17/monero-miner-reverse/
[运维安全]  githubscan: GitHub敏感信息扫描工具
https://github.com/lianfeng30/githubscan
[无线安全]  无线渗透--‘钓鱼’wifi
http://mp.weixin.qq.com/s/UpUJtkkNlK4PG9pd6CUMOA
[Web安全]  CVE-2017-12615/12616:Tomcat信息泄漏和远程代码执行漏洞分析报告
https://xianzhi.aliyun.com/forum/read.php?tid=2135&displayMode=1&page=1&toread=1#tpc
[设备安全]  [译] 逆向攻击 “在线闹钟”
https://xianzhi.aliyun.com/forum/read/2142.html
[Web安全]  最新CVE-2017-8759漏洞复现的两种姿势
https://bbs.ichunqiu.com/thread-27073-1-1.html?from=sec
[Web安全]  [应急响应] Linux应急响应姿势
http://vinc.top/2017/09/20/linux%e5%ba%94%e6%80%a5%e5%93%8d%e5%ba%94%e5%a7%bf%e5%8a%bf%e4%b9%8b%e8%a7%82%e9%9f%b3%e5%9d%90%e8%8e%b2/
[无线安全]  基于蓝牙协议漏洞的BlueBrone攻击综合分析报告
https://mp.weixin.qq.com/s/YCuY4D-IH3ovyBLBQkXwdQ
[漏洞分析]  FUZZING MIMIKATZ ON WINDOWS WITH WINAFL & HEATMAPS (0DAY)
https://www.sec-consult.com/en/blog/2017/09/hack-the-hacker-fuzzing-mimikatz-on-windows-with-winafl-heatmaps-0day/index.html
[漏洞分析]  当git遇上ssh——CVE-2017-1000117漏洞浅析
http://blog.nsfocus.net/git-ssh-cve-2017-1000117/
[取证分析]  蜜罐背后的影子系统探秘
http://www.freebuf.com/articles/web/147892.html
[编程技术]  The Tale of Creating a Distributed Web Crawler
https://benbernardblog.com/the-tale-of-creating-a-distributed-web-crawler/
[其它]  玩得一手好注入之order by排序篇
https://bbs.ichunqiu.com/thread-26552-1-1.html?from=sec
[恶意分析]  PHPDecode 在线解密工具
http://blog.evalbug.com/2017/09/21/phpdecode_01/
[恶意分析]  Deep Analysis of New Poison Ivy/PlugX Variant - Part II
http://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii
[编程技术]  挖洞过程中碰到死结/死循环时,该怎么办?
http://www.4hou.com/vulnerable/7725.html
[Web安全]  Xdebug: A Tiny Attack Surface
https://ricterz.me/posts/Xdebug%3A%20A%20Tiny%20Attack%20Surface
[恶意分析]  Is Hajime botnet dead?
http://blog.netlab.360.com/hajime-status-report/
[Web安全]  关于Shell你想知道的都在这儿
http://www.freebuf.com/articles/system/147768.html
[设备安全]  工业控制系统安全之——Modbus学习笔记
http://www.freebuf.com/articles/ics-articles/148637.html
[漏洞分析]  翻译:通过.NET程序提权绕过UAC
http://anhkgg.com/tans-net-bypass-uac/
[运维安全]  Apache Tomcat 7.x安全加固指南
https://mp.weixin.qq.com/s/GvvlBFVmcdFB3f_jB99n0w
[恶意分析]  Deep Analysis of New Poison Ivy Variant - Part I
http://blog.fortinet.com/2017/08/23/deep-analysis-of-new-poison-ivy-variant
[设备安全]  Flash芯片内存提取(一)
http://www.freebuf.com/geek/147847.html
[取证分析]  态势感知中的威胁情报
https://mp.weixin.qq.com/s/Juyrid9lPQQ3IQD1rU1XKQ
[Web安全]  代码审计之熊海cms v1.0
http://foreversong.cn/archives/387
[漏洞分析]  Samba SMB1协议漏洞,可泄露服务器内存信息
https://nosec.org/my/threats/1574
[编程技术]  twisted学习笔记
https://jiayi.space/post/twistedxue-xi-bi-ji
[设备安全]  An Introduction to Printer Exploitation #1
https://0x00sec.org/t/an-introduction-to-printer-exploitation-1/3565
[设备安全]  The Great Train Robbery: Fast and Furious
https://www.slideshare.net/SergeyGordeychik/the-great-train-robbery-fast-and-furious/1
[Web安全]  十分钟带你了解XXE
http://mp.weixin.qq.com/s/ek2I9tshyTG0HvTAHMmdsQ
[Web安全]  2大浏览器安全白皮书
https://paper.seebug.org/400/
[Web安全]  nccgroup/Decoder-Improved: Improved decoder for Burp Suite
https://github.com/nccgroup/Decoder-Improved
[运维安全]  一次服务器被攻击的应急行动
http://www.4hou.com/technology/7653.html
[运维安全]  防御者如何加强主机权限控制
http://www.freebuf.com/articles/system/147985.html
[取证分析]  OSINT-SPY Search using OSINT(Open Source Intelligence)
https://github.com/SharadKumar97/OSINT-SPY
[Web安全]  Analysis of CVE-2017-5638 (Apache Struts 2 RCE)
https://blog.gdssecurity.com/labs/2017/3/27/an-analysis-of-cve-2017-5638.html
[Web安全]  PHP代码审计-sprintf函数中的安全问题
http://mp.weixin.qq.com/s/8qtFAVdnYCbsST09xTDHIg
[Web安全]  High-Level Approaches for Finding Vulnerabilities
http://jackson.thuraisamy.me/finding-vulnerabilities.html
[取证分析]  软件基因学术研讨会MalwareBenchmark亮剑
https://mp.weixin.qq.com/s/q6C7U8SlEVo52BbRYVGLkQ
[取证分析]   网络威胁防御中的情报分析策略
https://medium.com/@thegrugq/counterintelligence-for-cyber-defence-97d33503064d
[Web安全]  aspx代码审计-1
https://bbs.ichunqiu.com/thread-26569-1-1.html?from=sec
[取证分析]  威胁情报:线索拓展
https://mp.weixin.qq.com/s/ETWPw6dbWLcAenSd_On3pw
[漏洞分析]  blueborne漏洞的联想
https://bbs.ichunqiu.com/thread-27084-1-1.html?from=sec
[恶意分析]  僵尸网络Jenki家族IoT变种分析预警
http://www.freebuf.com/articles/network/148678.html
[恶意分析]  macphish: Office for Mac Macro Payload Generator
https://github.com/cldrn/macphish
[Web安全]  PHP开源程序中常见的后台绕过方法总结
http://mp.weixin.qq.com/s/CahVAc4-Cym_FFZ3y8LfPg
[编程技术]  知道工具之编程相关
https://mp.weixin.qq.com/s/2bgxIspz1b7sNQmXHALXQg
[运维安全]  pastebot: 监控 pastebin 的敏感内容并发微博的 bot
https://github.com/fate0/pastebot
[杂志]  SecWiki周刊(第185期)
https://www.sec-wiki.com/weekly/185
[运维安全]  UAC bypass via elevated .NET applications
https://offsec.provadys.com/UAC-bypass-dotnet.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第186期)