SecWiki周刊(第133期)
2016/09/12-2016/09/18
安全资讯
MySQL 0-day could lead to total system compromise
https://www.helpnetsecurity.com/2016/09/12/mysql-0-day-cve-2016-6662/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
https://www.helpnetsecurity.com/2016/09/12/mysql-0-day-cve-2016-6662/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
王宝强离婚与徐玉玉被骗(上)
https://zhuanlan.zhihu.com/p/22023852
https://zhuanlan.zhihu.com/p/22023852
Akamai 2016年第二季度报告——愈演愈烈的DDoS攻击
http://www.mottoin.com/89268.html
http://www.mottoin.com/89268.html
从电影《谍影重重5》中得到的信息安全启示
http://blog.nsfocus.net/revelation-5-bourne-identity-information-security/
http://blog.nsfocus.net/revelation-5-bourne-identity-information-security/
Attack-for-Hire Teens Collared in Israel
http://www.technewsworld.com/story/83891.html
http://www.technewsworld.com/story/83891.html
“安全·传继” 2016年SSC安全峰会
http://www.mottoin.com/89322.html
http://www.mottoin.com/89322.html
上海数据交易中心发布《数据流通禁止清单》 保护数据流通安全
http://mp.weixin.qq.com/s?__biz=MzAxNTU3ODMwNQ==&mid=2657680042&idx=2&sn=7f630d10fb7a917f9cced25b84b4ffd6&scene=2
http://mp.weixin.qq.com/s?__biz=MzAxNTU3ODMwNQ==&mid=2657680042&idx=2&sn=7f630d10fb7a917f9cced25b84b4ffd6&scene=2
安全技术
SECT CTF Web 400 writeup-bypass CSP using whitelisted CDNs and path traversal
https://blog.0daylabs.com/2016/09/09/bypassing-csp/
https://blog.0daylabs.com/2016/09/09/bypassing-csp/
WechatSogou: 基于搜狗微信搜索的微信公众号爬虫接口
https://github.com/Chyroc/WechatSogou
https://github.com/Chyroc/WechatSogou
Vuls: VULnerability Scanner
https://github.com/future-architect/vuls
https://github.com/future-architect/vuls
从甲方的角度谈谈WAF测试方法--part1
http://www.lewisec.com/2016/09/16/%E4%BB%8E%E7%94%B2%E6%96%B9%E7%9A%84%E8%A7%92%E5%BA%A6%E8%B0%88%E8%B0%88WAF%E6%B5%8B%E8%AF%95%E6%96%B9%E6%B3%95-part1/
http://www.lewisec.com/2016/09/16/%E4%BB%8E%E7%94%B2%E6%96%B9%E7%9A%84%E8%A7%92%E5%BA%A6%E8%B0%88%E8%B0%88WAF%E6%B5%8B%E8%AF%95%E6%96%B9%E6%B3%95-part1/
Hunting For Vulnerabilities in Signal - Part 1
http://pwnaccelerator.github.io/2016/signal-part1.html
http://pwnaccelerator.github.io/2016/signal-part1.html
H-field electromagnetic sniffing
https://labs.mwrinfosecurity.com/blog/h-field-electromagnetic-sniffing/
https://labs.mwrinfosecurity.com/blog/h-field-electromagnetic-sniffing/
常见app加固厂商脱壳方法研究
http://www.mottoin.com/89035.html
http://www.mottoin.com/89035.html
R2CON大会-radare2社区的一次盛宴(含PPT、视频)
http://bobao.360.cn/news/detail/3556.html
http://bobao.360.cn/news/detail/3556.html
SeetaFace开源人脸识别引擎介绍
https://www.52ml.net/18933.html
https://www.52ml.net/18933.html
聂君:企业信息安全建设的思考
http://www.aqniu.com/learn/19542.html
http://www.aqniu.com/learn/19542.html
SugarCRM v6.5.23 PHP反序列化对象注入漏洞分析
http://paper.seebug.org/39/
http://paper.seebug.org/39/
移动APP漏洞自动化检测平台建设
https://security.tencent.com/index.php/blog/msg/109
https://security.tencent.com/index.php/blog/msg/109
【PHP代码审计】 PHPCMS V9最新版本后台设计缺陷导致getshell
http://www.cnbraid.com/2016/09/14/phpcms/
http://www.cnbraid.com/2016/09/14/phpcms/
浏览器XSS 过滤器Fuzzing 框架
https://github.com/lcatro/browser_xss_auditor_fuzzing
https://github.com/lcatro/browser_xss_auditor_fuzzing
浅析基于用户(角色)侧写的内部威胁检测系统
http://www.freebuf.com/articles/network/114087.html
http://www.freebuf.com/articles/network/114087.html
libenom:快速创建MSFvenom payload
http://www.mottoin.com/89163.html
http://www.mottoin.com/89163.html
使用Pineapple NANO、OS X和BetterCap进行无线网络渗透测试
http://www.mottoin.com/89259.html
http://www.mottoin.com/89259.html
Security Onion Conference 2016 Slides and Videos now available!
https://github.com/Security-Onion-Solutions/security-onion/wiki/Conference
https://github.com/Security-Onion-Solutions/security-onion/wiki/Conference
阿里关于安全模型和大数据风控
http://mp.weixin.qq.com/s?__biz=MzI4NzE1NTYyMg==&mid=2651101819&idx=1&sn=a62a8016bc88aa2523c5cdc524c92ca7
http://mp.weixin.qq.com/s?__biz=MzI4NzE1NTYyMg==&mid=2651101819&idx=1&sn=a62a8016bc88aa2523c5cdc524c92ca7
BadCode – 基于正则的代码审计工具
http://www.mottoin.com/89032.html
http://www.mottoin.com/89032.html
Bitcoin Phishing: The Next Wave
https://blog.opendns.com/2016/09/15/bitcoin-phishing-next-wave/
https://blog.opendns.com/2016/09/15/bitcoin-phishing-next-wave/
详解Windows Shim的攻防利用
http://www.freebuf.com/articles/system/114287.html
http://www.freebuf.com/articles/system/114287.html
Neutrino-exploit KIT工具包分析技巧
https://github.com/SCUBSRGroup/Lectures-a-week-information-security-knowledge-lecture-hall/blob/master/2016-09-10/Neutrino-exploit%20KIT%E5%B7%A5%E5%85%B7%E5%8C%85%E5%88%86%E6%9E%90%E6%8A%80%E5%B7%A7.pptx
https://github.com/SCUBSRGroup/Lectures-a-week-information-security-knowledge-lecture-hall/blob/master/2016-09-10/Neutrino-exploit%20KIT%E5%B7%A5%E5%85%B7%E5%8C%85%E5%88%86%E6%9E%90%E6%8A%80%E5%B7%A7.pptx
Mysql本地提权漏洞/写my.cnf文件命令执行漏洞
http://blog.csdn.net/u011721501/article/details/52521037
http://blog.csdn.net/u011721501/article/details/52521037
Windows逆向工程师-安全技能 -SecWiki
https://www.sec-wiki.com/skill/6
https://www.sec-wiki.com/skill/6
SQLiScanner 基于SQLMAP和Charles的被动SQL 注入漏洞扫描工具
https://github.com/0xbug/SQLiScanner/blob/master/README_zh.md
https://github.com/0xbug/SQLiScanner/blob/master/README_zh.md
bbqsql: SQL Injection Exploitation Tool
https://github.com/Neohapsis/bbqsql
https://github.com/Neohapsis/bbqsql
没能复现的学习——DECON-HTTP-Smuggling
http://phantom0301.github.io/2016/09/12/httpsmuggling/
http://phantom0301.github.io/2016/09/12/httpsmuggling/
NSA(美国国安局)泄漏Exploit分析
http://www.freebuf.com/articles/others-articles/114187.html
http://www.freebuf.com/articles/others-articles/114187.html
利用 ICMP 隧道穿透防火墙
http://www.mottoin.com/89096.html
http://www.mottoin.com/89096.html
PowerShell-Suite:不使用DLL注入技术绕过UAC的powershell框架
http://www.mottoin.com/89299.html
http://www.mottoin.com/89299.html
厚客戶端渗透测试实战
http://www.mottoin.com/89197.html
http://www.mottoin.com/89197.html
POWERSHELL EMPIRE + CVE-2016-0189 = PROFIT
http://www.mottoin.com/89287.html
http://www.mottoin.com/89287.html
厚客户端渗透测试实战(三)
http://www.mottoin.com/89219.html
http://www.mottoin.com/89219.html
基于 Ansible 的项目自动化部署管理
https://github.com/abbshr/abbshr.github.io/issues/57
https://github.com/abbshr/abbshr.github.io/issues/57
厚客户端渗透测试实战(四)
http://www.mottoin.com/89244.html
http://www.mottoin.com/89244.html
What We’re Reading: 15 Favorite Data Science Resources
http://blog.kaggle.com/2016/09/13/what-were-reading-data-science-resources/
http://blog.kaggle.com/2016/09/13/what-were-reading-data-science-resources/
Content Security Policy 入门教程
http://www.ruanyifeng.com/blog/2016/09/csp.html
http://www.ruanyifeng.com/blog/2016/09/csp.html
解读ChatOps:开源聊天机器人怎样协助运维?
http://mp.weixin.qq.com/s?__biz=MjM5MDE0Mjc4MA==&mid=2650994072&idx=2&sn=ebf0bed743c5d3ee974bfb239cdda3ba
http://mp.weixin.qq.com/s?__biz=MjM5MDE0Mjc4MA==&mid=2650994072&idx=2&sn=ebf0bed743c5d3ee974bfb239cdda3ba
UPnP 端口映射安全浅析
http://www.arkteam.net/?p=1172
http://www.arkteam.net/?p=1172
一次对OpenCFP的代码审计
http://www.mottoin.com/89153.html
http://www.mottoin.com/89153.html
解读美国国会关于OPM数据泄露事件的调查报告
http://www.freebuf.com/articles/paper/114342.html
http://www.freebuf.com/articles/paper/114342.html
A Simple, Free, and Fast Open Source Workflow For Processing Indicators
http://www.cyintanalysis.com/a-simple-free-and-fast-open-source-workflow-for-processing-indicators/
http://www.cyintanalysis.com/a-simple-free-and-fast-open-source-workflow-for-processing-indicators/
Infection Monkey:数据中心边界及内部服务器安全检测工具
http://www.freebuf.com/sectool/113745.html
http://www.freebuf.com/sectool/113745.html
Infosec_Reference: Information Security Reference That Doesn't Suck
https://github.com/rmusser01/Infosec_Reference
https://github.com/rmusser01/Infosec_Reference
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第133期)
