SecWiki周刊(第153期)
2017/01/30-2017/02/05
安全资讯
[其它]  世界上最大的黑客&网络安全导航网站
http://link-base.org/
[Web安全]  Chrome中“自动填充”安全性研究
http://mp.weixin.qq.com/s/ybeVF8caasBJ7xyzLyajbw
[漏洞分析]  Zimperium Announces Its Exploit Acquisition Program for N-Days
https://blog.zimperium.com/zimperium-announces-its-exploit-acquisition-program-for-n-days/
[取证分析]  推荐安全且匿名的邮箱 ProtonMail
http://mp.weixin.qq.com/s/DTgMZPGKL7BpUQ2l0L3CHg
[其它]  美国陆军战争学院-网络空间战略行动指南
https://info.publicintelligence.net/USArmy-StrategicCO.pdf
[其它]  The Growing Symbiosis of Insiders and the Dark Web
http://secure.redowl.com/rs/145-MYR-237/images/RedOwl_Intsights_Report.pdf
[法规]  《网络产品和服务安全审查办法(征求意见稿)》公开征求意见
http://www.cac.gov.cn/2017-02/04/c_1120407082.htm?from=timeline&isappinstalled=0
[新闻]  美国国防部DARPA想要创建安全数据共享技术
http://www.freebuf.com/news/125672.html
安全技术
[漏洞分析]  Spring Boot RCE
https://deadpool.sh/2017/RCE-Springs/
[漏洞分析]  From Mimikatz to Kekeo, Passing by New Microsoft Security Technologies
https://onedrive.live.com/view.aspx?resid=A352EBC5934F0254!3316&ithint=file%2cpptx&app=PowerPoint
[Web安全]  余弦: 一种新型蠕虫-花瓣CORSBOT蠕虫
http://evilcos.me/?p=590
[Web安全]  OWASP Security Shepherd WEB和APP安全测试训练平台
https://github.com/OWASP/SecurityShepherd
[数据挖掘]  携程是如何把大数据用于实时风控的
https://zhuanlan.zhihu.com/p/24795411
[无线安全]  如何利用 LTE/4G 伪基站+GSM 中间人攻击攻破所有短信验证
https://zhuanlan.zhihu.com/p/24811129
[Web安全]  .DS_Store文件泄漏利用脚本
https://github.com/lijiejie/ds_store_exp
[Web安全]  针对埃及公民的大规模网络钓鱼活动
https://citizenlab.org/2017/02/nilephish-report/
[漏洞分析]  企业应该如何应对上报的安全漏洞报告
http://www.freebuf.com/articles/security-management/125606.html
[设备安全]  打印机漏洞利用框架
https://github.com/RUB-NDS/PRET
[漏洞分析]  2016年CNVD漏洞数据统计:高危漏洞占比持续递增
http://www.freebuf.com/vuls/125951.html
[数据挖掘]  BigDataAudit: security vulns detector for Hadoop and Spark 大数据安全检测工具
https://github.com/kotobukki/BigDataAudit
[工具]   lightweight multi-architecture CPU emulator framework
https://alexaltea.github.io/unicorn.js/
[恶意分析]  Finding the RAT's Nest
https://blog.opendns.com/2017/01/18/finding-the-rats-nest/
[编程技术]  美团点评Docker容器管理平台
http://tech.meituan.com/mt-docker-practice.html
[运维安全]  DLP数据泄露防护系统测试样本
https://dlptest.com/sample-data/
[Web安全]  美国的个人信息搜索引擎(基于公开合法数据)
http://radaris.com/
[杂志]  SecWiki周刊(第152期)
https://www.sec-wiki.com/weekly/152
[Web安全]  basicRAT - A Python Remote Access Trojanki
https://github.com/vesche/basicRAT
[Web安全]  'Deep Thoughts' on Subdomain Takeover Vulnerabilities
http://blog.rubidus.com/2017/02/03/deep-thoughts-on-subdomain-takeovers/
[恶意分析]  Cypher – Pythonic ransomware proof of concept
https://github.com/NullArray/Cypher
[恶意分析]  KopiLuwak: A New JavaScript Payload from Turla
https://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-from-turla/
[恶意分析]  Collections of Malware source code 已泄露的恶意程序源码集合
https://github.com/gasgas4/Leaked_Malware_SourceCode
[恶意分析]  Advanced Techniques for Detecting RAT Screen Control
http://blog.mindedsecurity.com/2016/02/rat-wars-20-advanced-techniques-for.html
[恶意分析]  APT Targets Russia and Belarus with ZeroT and PlugX
https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx
[漏洞分析]  从CVE-2016-7644回到CVE-2016-4669
http://turingh.github.io/2017/01/15/CVE-2016-7644-%E4%B8%89%E8%B0%88Mach-IPC/
[其它]  浅谈区块链(上):区块链探究
http://www.arkteam.net/?p=1524
[Web安全]  XPath注入详解
http://www.mottoin.com/95785.html
[Web安全]  实用工具:免费Zend 5.2 5.3 5.4解密工具
http://www.cnseay.com/4498/
[移动安全]  构建GSM 基站
https://n0where.net/build-gsm-base-station/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第153期)