SecWiki周刊(第147期)
2016/12/19-2016/12/25
安全资讯
[视频]  互联网安全志愿者联盟:配合执法部门打击网络灰黑产业链
http://tv.cctv.com/2016/12/24/VIDEvKOS1muC2zyhFgaBJY9m161224.shtml
[漏洞分析]  US State Police Have Spent Millions on Israeli Phone Cracking Tech
http://motherboard.vice.com/read/us-state-police-have-spent-millions-on-israeli-phone-cracking-tech-cellebrite
[事件]  俄罗斯黑客出售美国选举援助委员会网站权限与数据
http://www.mottoin.com/94240.html
[运维安全]  SANS:2016年安全分析调研报告
http://yepeng.blog.51cto.com/3101105/1885339
[新闻]  Shadow Brokers再次兜售NSA黑客工具包
http://bobao.360.cn/news/detail/3857.html
[新闻]  北向峰会讲点啥?
http://www.aqniu.com/news-views/12677.html
[新闻]  偷情网站 Ashley Madison 因数据泄露被罚160万美元
http://www.aqniu.com/news-views/21813.html
[新闻]  FBI逮捕DDoS僵尸网络的租赁者
http://www.solidot.org/story?sid=50788
[观点]  美国在抓捕俄罗斯黑客上面临重重困难
http://www.solidot.org/story?sid=50791
[法规]  全面透视|老王逐条解读网络安全法
https://www.sec-un.org/4933.html
[新闻]  迪拜警方开始使用犯罪预测软件
http://www.solidot.org/story?sid=50846
安全技术
[Web安全]  文件上传漏洞绕过方法
https://www.aptive.co.uk/blog/unrestricted-file-upload-testing/
[Web安全]  基于谷歌SSL透明证书的子域名查询脚本
https://github.com/We5ter/GSDF
[漏洞分析]  cobaltstrike3.6 破解版
http://evi1cg.me/archives/CobaltStrike_3_6_Cracked.html
[Web安全]  WeCenter 3.1.9 存储 XSS漏洞分析
http://linux.im/2016/12/22/WeCenter-319-Stored-XSS-Vuln.html
[Web安全]  巡风:企业内网的漏洞快速应急巡航扫描系统(附Docker版本)
http://www.mottoin.com/94253.html
[移动安全]  iOS安全审计入门
http://www.freebuf.com/articles/terminal/123098.html
[Web安全]  DSVW: Damn Small Vulnerable Web(小型靶场一枚)
https://github.com/stamparm/DSVW
[运维安全]  Splunk大数据分析经验分享:从入门到夺门而逃
http://www.freebuf.com/articles/database/123006.html
[取证分析]  poseidon: 360公司日志搜索平台「开源」
https://github.com/Qihoo360/poseidon
[Web安全]  Tengine WAF 实践
http://www.mottoin.com/94365.html
[编程技术]  Docker — 从入门到实践
https://github.com/yeasy/docker_practice
[运维安全]  Harbor: 基于Docker Distribution的企业级Registry服务
http://vmware.github.io/harbor/index_cn.html
[漏洞分析]  FuzzySec:Windows Kernel Exploitation: Integer Overflow
http://www.fuzzysecurity.com/tutorials/expDev/18.html
[运维安全]  openresty最佳实践笔记
http://snoopyxdy.blog.163.com/blog/static/601174402016111434342439
[运维安全]  xunfeng: 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统
https://github.com/ysrc/xunfeng
[工具]  CloudFlare_enum:使用CloudFlare进行子域名枚举的脚本
http://www.mottoin.com/94481.html
[设备安全]  HG533路由器分析教程之找到硬件调试接口
http://drops.wiki/index.php/2016/12/22/hg533/
[数据挖掘]  awesome-ml-for-cybersecurity: Machine Learning for Cyber Security
https://github.com/jivoi/awesome-ml-for-cybersecurity#awesome-machine-learning-for-cyber-security-
[Web安全]  Dnsteal:一个利用DNS请求传输文件的工具
http://www.mottoin.com/94437.html
[Web安全]  MongoDB安全 – PHP注入攻击
http://www.mottoin.com/94341.html
[运维安全]  使用Hashcat破解外国字符构成的密码的终极指南
http://drops.wiki/index.php/2016/12/21/hashcat/
[编程技术]  MySQL大表优化方案
https://segmentfault.com/a/1190000006158186
[Web安全]  BurpSuite插件分享:基于Python的Web应用Fuzzing插件PyJFuzz
http://www.mottoin.com/94302.html
[运维安全]  FCN: 一款傻瓜式的一键接入私有网络的工具
https://github.com/boywhp/fcn
[Web安全]  F_A_S_T扫描器: 定向全自动化渗透测试
https://github.com/RASSec/pentestEr_Fully-automatic-scanner
[Web安全]  Writing Burp Extensions (Shodan Scanner)
http://resources.infosecinstitute.com/writing-burp-extensions-shodan-scanner/
[工具]  Whitewidow:自动化SQL漏洞扫描器
http://www.mottoin.com/94222.html
[Web安全]  Docker for win10下使用ubuntu安装DVWA-1.9
http://www.mottoin.com/94363.html
[Web安全]  RASscan: 内网端口极速扫描器
https://github.com/RASSec/RASscan
[运维安全]  ThreatHunting Project:Hunting for adversaries in your IT environment
http://www.threathunting.net/
[Web安全]  不一样的HTTP Headers (一)
http://www.mottoin.com/93711.html
[Web安全]  秒爆十万字典:奇葩技巧快速枚举“一句话后门”密码
http://www.freebuf.com/sectool/122169.html
[Web安全]  Mimikatz Delivery via ClickOnce with URL Parameters
http://subt0x10.blogspot.com/2016/12/mimikatz-delivery-via-clickonce-with.html
[Web安全]  A collection of JavaScript engine CVEs with PoCs
https://github.com/tunz/js-vuln-db
[数据挖掘]  自动化、安全分析和人工智能,从Gartner预测看网络安全新规则
http://www.freebuf.com/articles/neopoints/123545.html
[设备安全]  IOActive研究员声称可入侵松下机载娱乐系统
http://www.freebuf.com/vuls/123712.html
[漏洞分析]  awesome-windows-exploitation: Windows Exploitation resources
https://github.com/enddo/awesome-windows-exploitation
[杂志]  SecWiki周刊(第146期)
https://www.sec-wiki.com/weekly/146
[恶意分析]  Paper: Spreading techniques used by malware
https://www.virusbulletin.com/blog/2016/december/paper-spreading-techniques-used-malware/
[移动安全]  Android Telephony拒绝服务漏洞(CVE-2016-6763)分析
http://drops.wiki/index.php/2016/12/20/android-telephony/
[Web安全]  Bottle HTTP 头注入漏洞探究
https://www.leavesongs.com/PENETRATION/bottle-crlf-cve-2016-9964.html
[数据挖掘]  Python股市数据分析教程
https://yq.aliyun.com/articles/66878
[运维安全]  Engineering Security Through Uber's Custom Email IDS
http://eng.uber.com/custom-email-ids/
[文档]  The Kings In Your Castle Part 5: APT correlation and do-it-yourself threat resea
https://cyber.wtf/2016/12/15/the-kings-in-your-castle-part-5-apt-correlation-and-do-it-yourself-threat-research/
[运维安全]  Docker网络隔离初步设想
http://vipdocker.com/2016/09/14/docker-network-isolation/
[Web安全]  Oracle酒店管理平台的远程命令执行和持卡人数据泄漏漏洞分析(CVE-2016-5663/4/5)
http://www.mottoin.com/94271.html
[文档]  Law Enforcement Use of Cell-Site Simulation Technologies: Privacy Concerns and R
https://info.publicintelligence.net/US-CellSiteSimulatorsPrivacy.pdf
[运维安全]  用树莓派搭建小型honeynet
http://www.mottoin.com/94306.html
[数据挖掘]  利用Python实现knn算法
http://computational-communication.com/python-knn/
[编程技术]  A Good User Interface 好的用户界面设计该如何做
http://goodui.org/
[数据挖掘]  如何通过TensorFlow实现深度学习算法并运用到企业实践中
http://dataunion.org/26671.html
[工具]  dns recon & research, find & lookup dns records
https://dnsdumpster.com/
[Web安全]  Disclosing the Primary Email address for each Facebook user
http://www.dawgyg.com/2016/12/21/disclosing-the-primary-email-address-for-each-facebook-user/
[Web安全]  Learning From A Year of Security Breaches – Starting Up Security
https://medium.com/starting-up-security/learning-from-a-year-of-security-breaches-ed036ea05d9b#.23b72hmck
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第147期)