SecWiki周刊（第140期)

SecWiki周刊（第140期）

2016/10/31-2016/11/06

安全资讯

[视频] 《见证》特别奉献四集纪录片《键盘上的幽灵》
http://tv.cctv.com/lm/jianzheng/2016/jpyl/index.shtml?from=timeline&isappinstalled=0

[工具] FS-7000 手机画像系统V1.3版更新说明
http://mp.weixin.qq.com/s?__biz=MjM5NTU4NjgzMg==&mid=2651219378&idx=1&sn=5bd7108f6105a6bd72e952fbe80b93f6&chksm=bd04f3cd8a737adbbbedaf086a7518fccafbf89a77528020b256f4a029d2430ee8f731b2b896&mpshare=1&scene=1&srcid=1104ygUG2Kp2hBjvj3yJdthu#rd

[视频] 全球网安资讯榜一周回顾（2016年11月第1周）
http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&mid=2655294560&idx=1&sn=1de7cee29dcce15038fb8a762263e32a&chksm=f02fe82bc758613dfb4b7aab1cade080f3c309512b90173c42fe8e0a52a9af17b57a4f35ac12&scene=0#rd

[运维安全] 发现未知威胁，你需要一条线索
http://www.sec-un.org/identify-unknown-threats-you-need-a-clue.html

[运维安全] Protecting your organisation from ransomware
https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

[其它] nominal delivery draft, UNC Charlotte,Prediction and The Future of Cybersecurit
http://geer.tinho.net/geer.uncc.5x16.txt

[新闻] 启明星辰叶蓬：情报是一条产业链
http://mp.weixin.qq.com/s?__biz=MjM5ODcxNTEzMw==&mid=2656244294&idx=1&sn=da3eb1da069d78930aec6ebc6ab04420&chksm=bd6139d48a16b0c286c4dc9586e880040a7b4d5add87b1643d2d829043628d594c0cf80b951a&mpshare=1&scene=2&srcid=1101wYb218aF9frLgmFKo9k9&from=timeline#rd

[法规] 《网络安全法》草案三审稿和二审稿全文对比
http://mp.weixin.qq.com/s?__biz=MzIyNjE0NTQ2OA==&mid=2651229289&idx=1&sn=77d6c853dbd2eba77cb6d1aaa7bcd2ad&chksm=f386c9bac4f140acaa70b9bc953f2d76220cf594ed01928a5bc0e55f24d83f82ea808b35189d&mpshare=1&scene=1&srcid=1101RoXPaTdFnxZ5X9XYMuKT#rd

[设备安全] 第一时间详解《工业控制系统信息安全防护指南》
http://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651069231&idx=1&sn=b33d8e05c3f2105a5882f6ab64d6751c&chksm=bd14abfc8a6322ea377562414c70f52da2b3ee377bbb981309a0e1a3ffad09e0f8599fa9a47c&mpshare=1&scene=1&srcid=1104iZjhMWRCNPuf0EHMnkuU#rd

[新闻] 骗取天猫7亿积分套现六百万，8人被南通检方指控犯诈骗罪
http://www.thepaper.cn/newsDetail_forward_1552051

[新闻] 关于公布2016年第一批CNVD技术组成员单位资格的公告
http://www.cnvd.org.cn/webinfo/show/3963

[数据挖掘] DNC 泄露的数据可视化界面展示
https://clinton.media.mit.edu/

[会议] 2016 JSRC 安全乌托邦-成都站（附PPT）
http://www.mottoin.com/91285.html

[其它] New DMCA Exemptions Give White Hats License To Hack Cars, Medical Devices
http://www.darkreading.com/vulnerabilities---threats/new-dmca-exemptions-give-white-hats-license-to-hack-cars-medical-devices/d/d-id/1327376

[新闻] 南洋股份并购天融信成功过会，揭秘新三板最大“跨板”并购案
http://mp.weixin.qq.com/s?__biz=MjM5MDk0NTA0OA==&mid=2650048551&idx=1&sn=5a33b4bb9874d74a77e069f4d4d3567d&chksm=bebd325089cabb46a2bae7eed126ae49c1981863bbe0cc82bd0bfe600883475fecb25f22243e&mpshare=1&scene=1&srcid=1104WSfNzjCqecfzeOu3DZ1z#rd

[新闻] 全球25家最值得关注的新兴安全厂商
http://www.freebuf.com/articles/security-management/118083.html

[新闻] 数据造假黑产技术帖：如何给微信公众号、微博大V、直播网红刷量
http://mp.weixin.qq.com/s?__biz=MTQzMjE1NjQwMQ==&mid=2655537335&idx=1&sn=63991e18f69eed0dfcee4795ab6c5acf&chksm=66dfe72951a86e3f4bb01a23cba5fbe142b3533ad7fbde576045d40229abbd84f3ee037fb5c0&mpshare=1&scene=1&srcid=1101Y97ZFri81p8M5O9t6qDc#rd

[其它] 黑客小说杀手（第八章秘密下）
http://www.jianshu.com/p/a30d2d0309b0

[新闻] 公民实验室逆向工程中国直播软件的关键词名单
http://www.solidot.org/story?sid=50214

[人物] 【新锐】林旭滨：做平均值中的出众者
http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=2652876024&idx=1&sn=10a67ff1ad7e06751576a0be8877de1f&chksm=f34143d0c436cac675fe5cb6fe8eb9e4a97a7c46766a532fd5ed246e7325ba1ff32da9356825&mpshare=1&scene=1&srcid=1104Ny0cO1ws0bwjlfrsyjUW#rd

[新闻] 第九届信息安全漏洞分析与风险评估大会成功举办
http://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664108054&idx=1&sn=5a8ef1b1ee22a59424cc447725ea227c&chksm=8b5e12efbc299bf978fbfe3ed224cb7352b21bbf1f0fc8df6510dbef06cb819d3d155c833bdc&scene=0#rd

[其它] 黑客小说：杀手（第七章秘密上）
http://www.jianshu.com/p/50c74c598ed9

[新闻] 首届全国网络舆情（音视频）分析技术邀请赛开战
http://mp.weixin.qq.com/s?__biz=MzI2MjQ3MzgxMQ==&mid=2247483733&idx=1&sn=9ae4564d027aa3c24d76480cf3ac2849&chksm=ea4bd069dd3c597fd4826f790df993e68b35f041d510eb4055c0226162a2775d5c44adb3b3c1&scene=0#rd

[人物] “特斯拉破解第一人”刘健皓：我怎样成为一个黑客
http://mp.weixin.qq.com/s?__biz=MzA4ODUxNjIwMg==&mid=2654323712&idx=1&sn=1e15a4c6d9af28ae2f970c8bdeb65a3d&chksm=8be99705bc9e1e13409fc546a7b68c4da73a4adf6adcae129f7d05745b37c844ce16afd0a3d3&mpshare=1&scene=1&srcid=1104zrTiYwmetyXs3qwqBsot#rd

安全技术

[数据挖掘] 用户行为分析（UBA）实战：如何为每个用户绘制准确的画像
http://mp.weixin.qq.com/s?__biz=MzA4NTM4NjUzMw==&mid=2649485392&idx=1&sn=187cea8eeac393224279910ad8dda904&chksm=87c7e41ab0b06d0c7ca7ea3905025f2fbd7595da82bd01c90d5a127e5b175b589b700a494c63&scene=0#rd

[Web安全] 知乎反作弊系统演变
http://www.infoq.com/cn/presentations/zhihu-anti-cheat-system-evolution

[漏洞分析] Memcached 命令执行漏洞（CVE-2016-8704、CVE-2016-8705、CVE-2016-8706）
http://paper.seebug.org/95/

[Web安全] Java反序列化工具 — Java Deserialization Exp Tools
https://www.webshell.cc/6238.html

[视频] SSC峰会小刀议题《webshell的进化史》
http://m.youku.com/video/id_XMTc3OTc4ODgzNg==.html?refer=pc-sns-1

[移动安全] Lookout released a 42 page technical document explaining Pegasus (3 iOS vulns)
https://info.lookout.com/rs/051-ESQ-475/images/pegasus-exploits-technical-details.pdf

[数据挖掘] 40亿移动设备的用户画像和标签架构实践
http://mp.weixin.qq.com/s?__biz=MzA5NzkxMzg1Nw==&mid=2653161073&idx=1&sn=1db24e6b0496d3ae7517402dfc0ab8be&chksm=8b493b1fbc3eb2093c08adba528d6fe331400e1e6c0c9faa58b8e3b060877a4a1aab1c8b0bce&mpshare=1&scene=1&srcid=1103UQdGpSXsVPUBsgZD2A7d#rd

[其它] AlienVault - Open Threat Exchange
https://otx.alienvault.com/dashboard/new/

[运维安全] ProxyBroker: 开源代理抓取及验证程序
http://proxybroker.readthedocs.io/en/latest/

[设备安全] IoTSeeker: scan a network for specific types of IoT devices
https://github.com/rapid7/IoTSeeker

[移动安全] Android逆向修改内核绕过反调试
http://www.whitecell-club.org/?p=1442

[文档] Black Hat Europe 2016 Slides
https://www.blackhat.com/eu-16/briefings.html

[Web安全] 同源方法执行漏洞挖掘
http://www.mottoin.com/91299.html

[取证分析] 中国最大的Webshell后门箱子调查，所有公开大马全军覆没
http://www.freebuf.com/news/topnews/118424.html?from=singlemessage&isappinstalled=0#10006-weixin-1-52626-6b3bffd01fdde4900130bc5a2751b6d1

[Web安全] 多工具多用户HTTP代理
http://www.mottoin.com/91204.html

[漏洞分析] Read files on application server, leads to RCE of GitLab
https://hackerone.com/reports/178152

[Web安全] IoT: 物联网安全测试经验总结
http://www.mottoin.com/91246.html

[漏洞分析] Dirty COW - (CVE-2016-5195) - Docker Container Escape
https://blog.paranoidsoftware.com/dirty-cow-cve-2016-5195-docker-container-escape/

[Web安全] 前端黑魔法：使用JS检测远程用户的杀毒软件
http://www.mottoin.com/91264.html

[Web安全] Backslash Powered Scanning: Hunting Unknown Vulnerability Classes
http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html

[运维安全] Twitter开源DistributedLog，对比Kafka和雅虎Pulsar
http://mp.weixin.qq.com/s?__biz=MjM5MDE0Mjc4MA==&mid=2650994591&idx=1&sn=7e0d837ab28d27df3a00a388e2f13140&chksm=bdbf0fcc8ac886da65b0aca74b1c4f04eb9c309a70da107fb8091b1788be67784b64a5a33f85&scene=0#rd

[Web安全] wix.com的Dom-Basic XSS漏洞
http://www.mottoin.com/91302.html

[工具] 2016最流行的Linux发行版渗透测试系统
http://www.mottoin.com/91202.html

[漏洞分析] MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit
http://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html

[运维安全] 用有限的信息做无限可能的风控！
http://mp.weixin.qq.com/s?__biz=MzI5ODE0ODA5MQ==&mid=2652277539&idx=1&sn=87fa4119dc190cf23025602cabf12720&chksm=f74862b7c03feba1a1a3f45e92207353dac7c9a7ed347f77c2a1663e8634ba19159d2adfab62&mpshare=1&scene=1&srcid=1031etHOMTwlfGZcPmlsOgo5#rd

[Web安全] 分享一些无特征PHP一句话
https://www.leavesongs.com/PENETRATION/php-callback-backdoor.html

[文档] Rootkit analysis Use case on HideDRV[PDF]
http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf

[恶意分析] 安天独家深度曝光分析方程式组织多平台恶意代码武器
http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=2650170101&idx=1&sn=714546c757db8291d52b6a4332c364a4&chksm=beb9c1c789ce48d1d6a96ed51b2506feab47c344b50461e7a4f72b19d89879dc113669d47a33&scene=0#wechat_redirect

[运维安全] Spark Streaming + Elasticsearch构建App异常监控平台
http://tech.meituan.com/spark-streaming-es.html

[设备安全] BadUSB小尝试
http://www.mottoin.com/91187.html

[移动安全] Appie：便携式Android渗透测试工具包
http://www.mottoin.com/91363.html

[漏洞分析] Joomla!用户特权提升漏洞影响范围分析：涉及全球超15000网站(含POC)
http://mp.weixin.qq.com/s?__biz=MzIwMDk0MjcwNA==&mid=2247483896&idx=1&sn=9fb542fc93d90560015993f542af7aa4&chksm=96f434e7a183bdf1e284730647d2dc8979867fcf751cec9e9aae424f363ad68e5ea9e292c74f&mpshare=1&scene=2&srcid=1101dMyuOo6GwVpH6j5YwSke&from=timeline#rd

[漏洞分析] Memcached多处代码执行、拒绝服务漏洞（含POC）
http://mp.weixin.qq.com/s?__biz=MzIwMDk0MjcwNA==&mid=2247483896&idx=2&sn=42a7c8f7dead9183fc563c22f7c641e2&chksm=96f434e7a183bdf1a97cff32b0d5a85c1c65e8184edff47142592348b07e564841aba062319c&mpshare=1&scene=2&srcid=1101ODprJSYgwaiVXuFaH0RX&from=timeline#rd

[Web安全] IPS Community Suite PHP远程代码执行漏洞分析
http://blog.nsfocus.net/ips-community-autoloaded-php-code-injection-vulnerability/

[Web安全] GitLab application server 文件读取导致命令执行漏洞
http://www.mottoin.com/91325.html

[运维安全] 威胁情报2012-2016会议笔记
http://www.tanjiti.top/threatIntelligenceNote.html

[文档] En Route with Sednit Part 1: Approaching the Target[PDF]
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf

[书籍] U.S. Army Commanders Guide to Human Intelligence (HUMINT)
https://info.publicintelligence.net/CALL-CommandersGuideHUMINT.pdf

[漏洞分析] Fireeye 2016 Flare-On Challenge Solutions(竞赛题目分析及答案)
https://www.fireeye.com/blog/threat-research/2016/11/2016_flare-on_challe.html

[运维安全] Spark 在反作弊聚类场景的实践
https://zhuanlan.zhihu.com/p/23385044

[移动安全] 如何利用Rowhammer漏洞Root Android手机（含演示视频+Exploit源码）
http://www.freebuf.com/news/118163.html

[漏洞分析] Ability to access all user authentication tokens, leads to RCE of gitlab
https://hackerone.com/reports/158330

[运维安全] 企业需要解决的安全问题
http://www.bincker.net/?p=452

[编程技术] 关于Code Review，你必须了解的一些关键点
http://mp.weixin.qq.com/s?__biz=MjM5MDE0Mjc4MA==&mid=2650994555&idx=1&sn=b196e2dfb293ec7829523011316a7e06&chksm=bdbf0f288ac8863e014eae215469f4bbc0b8e88fa286c3cd38b467348466c663415ffed0e4ca&scene=0#rd

[Web安全] anti-XSS: An open source XSS vulnerability scanner
https://github.com/lewangbtcc/anti-XSS

[其它] An Experiment Shows How Quickly The Internet Of Things Can Be Hacked
http://www.npr.org/sections/alltechconsidered/2016/11/01/500253637/an-experiment-shows-how-quickly-the-internet-of-things-can-be-hacked

[漏洞分析] Pwn A Camera Step by Step (Web ver.)
https://ricterz.me/posts/Pwn%20A%20Camera%20Step%20by%20Step%20%28Web%20ver.%29?_=1478056015650

[恶意分析] 文档化身商业木马，对“盗神”的分析与溯源
http://www.freebuf.com/news/117354.html

[论文] Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communicatio
https://arxiv.org/pdf/1510.07563.pdf

[设备安全] 乌克兰电网攻击分析20161101
http://blog.nsfocus.net/wp-content/uploads/2016/11/%E4%B9%8C%E5%85%8B%E5%85%B0%E7%94%B5%E7%BD%91%E6%94%BB%E5%87%BB%E5%88%86%E6%9E%9020161101.pdf

[取证分析] Packet Capture Generator for IDS and Regular Expression Evaluation
http://www.kitploit.com/2016/11/sniffles-packet-capture-generator-for.html?utm_source=dlvr.it&utm_medium=twitter

[Web安全] OpenDoor: OWASP Directory Access scanner
https://github.com/stanislav-web/OpenDoor/

[书籍] 《WebUSB API》Under Editor's Draft
https://wicg.github.io/webusb/

[杂志] SecWiki周刊（第139期)
https://www.sec-wiki.com/weekly/139

[恶意分析] Pornhub Bypasses Ad Blockers With WebSockets
http://blog.bugreplay.com/post/152579164219/pornhubdodgesadblockersusingwebsockets

[文档] Bypassing antivirus with a sharp syringe
https://www.exploit-db.com/docs/20420.pdf

[移动安全] awesome-adb: ADB Usage Complete / ADB 用法大全
https://github.com/mzlogin/awesome-adb

[恶意分析] The HookAds Malvertising Campaign
https://blog.malwarebytes.com/cybercrime/exploits/2016/11/the-hookads-malvertising-campaign/

[运维安全] 路由追踪程序
http://www.arkteam.net/?p=1303

[运维安全] 金融行业企业安全运营之路
http://mp.weixin.qq.com/s?__biz=MzI2MjQ1NTA4MA==&mid=2247483686&idx=1&sn=89f358a266bb957a6e796f556c07377c&chksm=ea4bab61dd3c2277f62105af8599d5b1253fab556c0b7551fb12d4f434b77fa65d73b5aec0dd&mpshare=1&scene=2&srcid=1030ETrx1BZ4memNEF8qX1oy&from=timeline&isappinstalled=0#rd

[Web安全] awesome-static-analysis: A curated list of static analysis tools
https://github.com/mre/awesome-static-analysis#python

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第140期)

SecWiki周刊（第140期）

最新公告

友情链接

SecWiki公众号

安全学术圈