SecWiki周刊(第144期)
2016/11/28-2016/12/04
安全资讯
[设备安全]  Mirai现新的利用方式,开始扫描7547端口【需翻墙】
http://pastebin.com/eZrrLGzv
[事件]  超过100万谷歌帐户被Gooligan恶意软件盗取
http://www.mottoin.com/92954.html
[其它]  FIREEYE RESPONDS TO WAVE OF DESTRUCTIVE CYBER ATTACKS IN GULF REGION
https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html
[运维安全]  再见SIEM,你好SOAPA!
http://mp.weixin.qq.com/s?__biz=MjM5MzM3NjM4MA==&mid=2654679834&idx=1&sn=4728f8e35dfa8b88d422f0f0738505f6&chksm=bd5862098a2feb1f8209dce182820dd7cf542515f1ecb4092d8fb1b2a14fa8d7281271b3b38f&mpshare=1&scene=2&srcid=12012h4OLG8dqgGvyOYTg6DG&from=timeline#rd
[新闻]  网络空间安全蓝皮书:中国网络空间安全发展报告(2016)
http://mp.weixin.qq.com/s?__biz=MzA3OTA3NDkyNw==&mid=2653171023&idx=1&sn=d5721c33b9d6a4114c3dd0c033c33df7&chksm=84698e4fb31e0759ef220b21011a7c8d394fc63309bde44731bce4ef6230ec8a736a3a8e8f20&mpshare=1&scene=24&srcid=1130CIeqhSbOAk1q30hvuOqv#rd
[新闻]  以色列凭什么成为全球监控技术的中心?
http://www.freebuf.com/special/120592.html
[新闻]  2017年安全行业八大预测
http://www.aqniu.com/news-views/21474.html
[新闻]  中央网信办等下文:支持高校开设网络安全“特长班”
http://www.toutiao.com/i6304849503455281665/
[新闻]  Firefox 0day被用于攻击Tor用户
http://www.solidot.org/story?sid=50554
[人物]  访谈|通付盾CEO汪德嘉
http://www.aqniu.com/news-views/21423.html
[其它]  黑客小说:杀手 (第十一章 新的阶段)
http://www.jianshu.com/p/a65e09fc5057
安全技术
[Web安全]  玩转CSRF之挖洞实例分享
http://bbs.ichunqiu.com/thread-16169-1-1.html
[移动安全]  BadKernel----一个笔误引发的漏洞
https://github.com/secmob/BadKernel
[Web安全]  AZScanner:自动漏洞扫描器
https://github.com/az0ne/AZScanner
[Web安全]  Bypassing CSP using polyglot JPEGs
http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
[Web安全]  Burp Suite security automation with Selenium and Jenkins
https://www.securify.nl/blog/SFY20160901/burp_suite_security_automation_with_selenium_and_jenkins.html
[会议]  ArchSummit 北京 2016 PPT 下载合集
http://ppt.geekbang.org/archsummit?amp;isappinstalled=0&from=timeline&from=timeline&from=timeline&from=timeline
[Web安全]  内网渗透定位技术总结
http://www.mottoin.com/92978.html
[恶意分析]  德国电信断网:mirai僵尸网络的新变种和旧主控
http://blog.netlab.360.com/a-mirai-botnet-evolvement-new-variant-and-old-c2/
[漏洞分析]  IE浏览器UAF漏洞CVE-2014-0282的分析与利用
http://www.mottoin.com/92909.html
[Web安全]  hitcon2016 web writeup
http://lorexxar.cn/2016/10/10/hitcon2016/
[文档]  高能慎入--技术干货PPT之微店安全沙龙第1期北京
http://mp.weixin.qq.com/s?__biz=MzIzMjY3NzYwNA==&mid=2247483676&idx=1&sn=b38b3e9870717b13fdee9f8e96b4aca6&chksm=e8900897dfe7818143c1936256109262fdd7c4a0759a8d18527a38514c5ad3e5969fd791115c&mpshare=1&scene=1&srcid=1130nvZsugQ5Uu0q8Mm7DJod#rd
[其它]  暗网解读:什么事暗网以及如何工作的
https://www.weforum.org/agenda/2016/10/the-dark-web-what-it-is-and-how-it-works
[恶意分析]  【漏洞预警】Apache Tomcat远程代码执行漏洞(CVE-2016-8735)
http://www.mottoin.com/93100.html
[其它]  hduisa/HCTF2016: HCTF 2016 CHALLENGES
https://github.com/hduisa/HCTF2016
[Web安全]  企业常见服务漏洞检测&修复整理
http://www.mottoin.com/92742.html
[Web安全]  使用nmap暴力猜解网站子域名
http://blog.x1622.com/2016/11/subdomain-discovery-with-nmap-and.html
[Web安全]  Fofa:三分钟完成全网漏洞报告
https://v.qq.com/x/page/q03509j9ak1.html
[工具]  英国情报机GCHQ发布一款开源数据分析工具:Cyber​​Chef
http://www.mottoin.com/92941.html
[Web安全]  Layer子域名挖掘机4.2纪念版
http://www.cnseay.com/4482/
[恶意分析]  一个目录穿越引发的注入及后续——XG SDK漏洞回顾与思考
http://www.ms509.com/?p=474
[漏洞分析]  Analysis of multiple vulnerabilities in AirDroid
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
[Web安全]  在Empire中配置使用Tor
http://www.mottoin.com/92761.html
[移动安全]  BitUnmap: Attacking Android Ashmem
https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
[Web安全]  拉勾网的安全平台设计、规则化
http://www.jianshu.com/p/a56d3753c296?from=timeline&isappinstalled=0
[运维安全]  Mozilla SSL Configuration Generator HTTPS配置文件生成工具
https://mozilla.github.io/server-side-tls/ssl-config-generator/
[恶意分析]  Quick TR069 Botnet Writeup + Triage.
https://morris.guru/quick-tr069-botnet-writeup-triage/
[漏洞分析]  2016 HCTF Crypto 出题总结
http://0x48.pw/2016/11/28/0x28/
[编程技术]  最便捷的免费 SSL 证书解决方案
http://www.jianshu.com/p/4d1a795837d0?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io
[工具]  SharpMeter:Meterpreter反弹shell生成工具(绕过白名单限制)
http://www.mottoin.com/93059.html
[数据挖掘]  专栏 | 中文分词工具测评
http://www.jiqizhixin.com/article/1916
[漏洞分析]  Google: Announcing OSS-Fuzz: Continuous Fuzzing for Open Source Software
https://security.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
[Web安全]  Bypassing SAML 2.0 SSO with XML Signature Attacks
http://research.aurainfosec.io/bypassing-saml20-SSO/
[编程技术]  Anti-Anti-Spider: 反爬虫的技术攻关
https://github.com/luyishisi/Anti-Anti-Spider
[移动安全]  Android木马分析流程及实战
http://www.mottoin.com/93078.html
[漏洞分析]  Three roads lead to Rome
http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome/
[Web安全]  Code Execution and Privilege Escalation – Databases
http://resources.infosecinstitute.com/code-execution-and-privilege-escalation-databases/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+infosecResources+%28InfoSec+Resources%29
[Web安全]  Google XSS Game Writeup
https://b1ngz.github.io/google-xss-game-writeup/
[编程技术]  单点登录原理与简单实现
http://www.cnblogs.com/ywlaker/p/6113927.htm
[运维安全]  How WeChat uses one censorship policy in China and another internationally
https://citizenlab.org/2016/11/wechat-china-censorship-one-app-two-systems/
[Web安全]  Firefox 0day in the wild is being used to attack Tor users
http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/
[恶意分析]  One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild
http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
[Web安全]  JSON-handle DomXSS Vulnerability (Ver 1.4.11) 漏洞分析
http://linux.im/2016/11/29/firefox-addon-JSON-handle-DomXSS.html
[Web安全]  渗透Oracle 11g(续)
https://www.t00ls.net/articles-23609.html
[运维安全]  黑产揭秘:“打码平台”那点事儿
https://jaq.alibaba.com/community/art/show?articleid=628
[无线安全]  WIFI安全之包结构解析
http://sccsec.com/2016/11/23/WIFI%E5%AE%89%E5%85%A8%E4%B9%8B%E5%8C%85%E7%BB%93%E6%9E%84%E8%A7%A3%E6%9E%90/
[数据挖掘]  XSExtractor: 提取新闻、博客等长文本网页的正文工具
https://github.com/qingyu1229/XSExtractor
[其它]  新人指导心得体会
http://zhenhua-lee.github.io/manmage/mentor.html
[其它]  HOW I BYPASSED APPLE'S MOST SECURE ICLOUD ACTIVATION LOCK
http://www.hemanthjoseph.com/2016/11/how-i-bypassed-apples-most-secure-find.html?m=1
[恶意分析]  美东部断网元凶MIRAI之现场还原与检测
http://mp.weixin.qq.com/s?__biz=MzI4ODA4MTcxMA==&mid=2649550113&idx=1&sn=bba4b0a196580bf1410f424984ba3b81&chksm=f3db9f60c4ac16761261d2f95ce7980b84e318d24db5fac348a24b09b9b6768f58f575f79712&mpshare=1&scene=2&srcid=1128n2PYLPIiWT0aIccMYsJS&from=timeline#rd
[其它]  写在阿里一周年
http://www.zoomfeng.com/blog/alibaba-one-year.html
[工具]  DPAT:渗透测试者的域密码审计工具
https://github.com/clr2of8/DPAT
[移动安全]  More Than 1 Million Google Accounts Breached by Gooligan
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/?from=timeline
[编程技术]  I wrote a password cracking manual
http://www.netmux.com/blog/hash-crack
[恶意分析]  cosa-nostra: 基于家族和图表显示的恶意程序分析工具
https://github.com/joxeankoret/cosa-nostra
[Web安全]  DNS-Shell: DNS-Shell is an interactive Shell over DNS channel
https://github.com/sensepost/DNS-Shell
[Web安全]  FreePBX 13: From Cross-Site Scripting to Remote Command Execution
https://blog.ripstech.com/2016/freepbx-from-cross-site-scripting-to-remote-command-execution/
[Web安全]  assert免杀一句话
http://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649712881&idx=1&sn=8a980de7df522f6fa019fbb063381cef&chksm=888c589ebffbd188503d1ecb31b8c96bc62143e09feef2b2fb0d9654c159018a5fa1c45a0fe6&scene=0#rd
[其它]  重新来看变量注入,利用命令执行/提升权限,绕过UAC
https://breakingmalware.com/vulnerabilities/command-injection-and-elevation-environment-variables-revisited/
[杂志]  SecWiki周刊(第143期)
https://www.sec-wiki.com/weekly/143
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第144期)