SecWiki周刊（第157期)

SecWiki周刊（第157期）

2017/02/27-2017/03/05

安全资讯

[取证分析] Palo Alto 1.05 亿美元收购 LightCyber 增加行为攻击检测能力
http://app.myzaker.com/news/article.php?pk=58b649b11bc8e0b562000001

[书籍] 腾讯CTF（TCTF）大赛正式启航，国际顶级高手等你来战！
http://mp.weixin.qq.com/s/vTt-KHFwE7hrvnPwLFiEGQ

[事件] 波音公司员工泄露了36000名同事的个人信息
http://www.mottoin.com/97371.html

[新闻] Seebug漏洞平台2016十大漏洞
http://weibo.com/ttarticle/p/show?id=2309404079780348744123

[恶意分析] 川普已被玩坏：头像被敲诈病毒拿来恶搞
http://www.mottoin.com/97208.html

[法规] 网络空间国际合作战略（全文）
http://news.xinhuanet.com/politics/2017-03/01/c_1120552767.htm

[其它] 黑客小说杀手（第十四章暗流）
http://www.jianshu.com/p/6a25f14a42de

[新闻] 美国国土安全部使用网络杀伤链分析总统大选黑客事件
http://www.aqniu.com/industry/23163.html

[文档] 瑞星反诈骗报告：不法分子利用“高额奖金”骗取用户隐私信息
http://www.mottoin.com/97439.html

[新闻] Google Summer of Code 2017
https://summerofcode.withgoogle.com/

安全技术

[Web安全] NodeJS反序列化RCE漏洞的完美利用
http://www.4hou.com/technology/3457.html

[Web安全] 新型Web攻击技术——Web缓存欺骗
http://www.4hou.com/technology/3536.html

[Web安全] Web Cache Deception Attack
http://omergil.blogspot.jp/2017/02/web-cache-deception-attack.html

[Web安全] Undocumented Backdoor Account in DBLTek GoIP
https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/

[Web安全] JEXBOSS V1.2.0 – JBOSS VERIFY AND EXPLOITATION TOOL
http://seclist.us/jexboss-v1-2-0-jboss-verify-and-exploitation-tool.html?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29

[漏洞分析] 解密 RubyEncoder
http://blog.fatezero.org/2017/02/26/decrypt-rubyencoder/

[运维安全] Ponemon：优化SIEM时所面临的挑战
http://yepeng.blog.51cto.com/3101105/1903177

[编程技术] Phantomjs性能优化
http://thief.one/2017/03/01/Phantomjs%E6%80%A7%E8%83%BD%E4%BC%98%E5%8C%96/

[取证分析] 安全情报中心与红蓝军对抗演习
http://mp.weixin.qq.com/s?__biz=MzI0NTAwNjMwOA==&mid=2650685700&idx=3&sn=8cceaf131a280618abaff340c63a5079&scene=0#wechat_redirect

[Web安全] DokuWiki fetch.php SSRF漏洞与tok安全验证绕过分析
http://paper.seebug.org/230/

[Web安全] Mysql数据库反弹端口连接提权
https://xianzhi.aliyun.com/forum/read/774.html

[取证分析] 我眼中的渗透测试信息搜集
http://bbs.ichunqiu.com/thread-16020-1-1.html

[Web安全] 隐匿的攻击之-Domain Fronting
https://evi1cg.me/archives/Domain_Fronting.html

[工具] 在 Windows 10 的 Linux 子系统（WSL）中运行 Kali
http://www.mottoin.com/97429.html

[Web安全] BurpSmartBuster：用于收集与发现文件目录和后缀的插件
http://www.mottoin.com/97437.html

[无线安全] 对 Parrot SkyController 无人机固件的逆向工程
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282109&idx=1&sn=81a84f51043fbed4c391ab4cc3d9d293&scene=0#wechat_redirect

[运维安全] 企业安全建设之搭建开源SIEM平台（下）
https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&mid=2247483849&idx=1&sn=89a85be39223b04ac8badfb0860189d7&chksm=976e77b8a019feae05526ed8a2b172a38ffc6509f3c17dad52d468921879519a00d72164e1f2&scene=0&key=6f882f576ea60105653bf2dcfd57266b9c173d37869ecc04

[工具] cgPwn：用于硬件安全测试（Fuzzing，SymEx，Exploit）的轻量级虚拟机
http://www.mottoin.com/97672.html

[运维安全] 软件定义安全白皮书PPT解读
http://blog.nsfocus.net/software-definition-security-white-paper-ppt/

[设备安全] Termineter – Smart Meter Security Testing Framework
http://www.darknet.org.uk/2017/02/termineter-smart-meter-security-testing-framework/

[Web安全] KindEditor开源富文本编辑框架XSS漏洞
http://www.freebuf.com/articles/web/128076.html

[Web安全] AWS gamified security challenges
http://flaws.cloud/

[漏洞分析] 一个有意思的Apple XSS（CVE-2016-7762）的分析与思考
http://avfisher.win/archives/660

[运维安全] python 自动化运维模块收集
http://mp.weixin.qq.com/s?__biz=MzI2MjA5MjUwMQ==&mid=2650019678&idx=1&sn=ee1eb3d847553e4dbbea56b40516cb03&chksm=f250d4e4c5275df23dc139b8ac07301aea727ec76210de0415bb2ff71b342891b3a9a7def4df&mpshare=1&scene=23&srcid=0302uyBJiutYubn5JIUxm76F%23rd

[漏洞分析] Profiling a .NET Core Application on Linux
http://blogs.microsoft.co.il/sasha/2017/02/27/profiling-a-net-core-application-on-linux/

[Web安全] 巡风在隔离网络环境下的离线更新方案
http://www.mottoin.com/97143.html

[运维安全] 基于Jenkins和Kubernetes的CI工作流
http://mp.weixin.qq.com/s?__biz=MzA5OTAyNzQ2OA==&mid=2649693456&idx=1&sn=b36ed8057c23113da2396b77208689f1&scene=0#wechat_redirect

[漏洞分析] CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6
http://seclists.org/fulldisclosure/2017/Feb/68

[编程技术] Phantomjs爬过的那些坑
http://thief.one/2017/03/01/Phantomjs%E7%88%AC%E8%BF%87%E7%9A%84%E9%82%A3%E4%BA%9B%E5%9D%91/

[无线安全] 低成本安全硬件（二）——RFID on PN532
http://jia1s.info/rfid-on-rpi/

[工具] FileSensor：基于爬虫的动态敏感文件探测工具
http://www.mottoin.com/97353.html

[工具] 各种形式隐写工具合集
http://www.mottoin.com/97414.html

[运维安全] 保护内网安全之提高Windows AD安全性（二）
http://www.4hou.com/technology/3455.html

[编程技术] 动态IP解决新浪的反爬虫机制
https://github.com/szcf-weiya/SinaSpider

[设备安全] 一种虚拟安全控制的思路和实现
https://mp.weixin.qq.com/s?__biz=MzI2MjQ1NTA4MA==&mid=2247483702&idx=1&sn=a928648be97d24b339b597675d045daf&chksm=ea4bab71dd3c2267dd5d27d6878d7e77965193c693e1d969d37df53b06cd6f556000f3e96917&mpshare=1&scene=1&srcid=0226k0HTgcHK6Hbaj0QyJPDh&key=1b5c68b

[移动安全] Mobile-Security-Framework-MobSF
https://github.com/MobSF/Mobile-Security-Framework-MobSF

[Web安全] Phishers unleash simple but effective social engineering techniques using PDF at
https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/?platform=hootsuite

[Web安全] Ok Google, Give Me All Your Internal DNS Information!
https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/

[Web安全] php代码审计之弱类型引发的灾难
http://blog.topsec.com.cn/ad_lab/php%e4%bb%a3%e7%a0%81%e5%ae%a1%e8%ae%a1%e4%b9%8b%e5%bc%b1%e7%b1%bb%e5%9e%8b%e5%bc%95%e5%8f%91%e7%9a%84%e7%81%be%e9%9a%be/

[其它] 企业安全建设之浅谈数据防泄露
http://mp.weixin.qq.com/s/vbTxrkLXu1ES4mqetNuY_Q

[移动安全] Android 渗透测试学习手册（九）编写渗透测试报告
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282109&idx=2&sn=a31aaf55970d2b58d2231406feccaa12&scene=0#wechat_redirect

[恶意分析] 恶意软件分析大合集
https://github.com/rshipp/awesome-malware-analysis/blob/master/%E6%81%B6%E6%84%8F%E8%BD%AF%E4%BB%B6%E5%88%86%E6%9E%90%E5%A4%A7%E5%90%88%E9%9B%86.md

[漏洞分析] 全球MySQL数据库沦为新一轮勒索软件攻击目标
http://www.4hou.com/info/news/3523.html

[Web安全] nosqlinjection_wordlists: payload to test NoSQL Injections
https://github.com/cr0hn/nosqlinjection_wordlists

[工具] 六种常用的网络流量特征提取工具
http://mp.weixin.qq.com/s/QsteT_86uwViXSFXspJHJQ

[Web安全] Getting read access on TGI Friday’s online ordering system
https://www.adamlogue.com/getting-read-access-on-tgi-fridays-online-ordering-system-fixed/

[Web安全] Gathering Email Information Tool
https://github.com/m4ll0k/infoga

[取证分析] 注意，你注册的假1024可能就是它
http://weibo.com/ttarticle/p/show?id=2309404080137598567962

[比赛] 第三届XCTF——郑州站ZCTF第一名战队Writeup
http://bobao.360.cn/ctf/detail/186.html

[运维安全] 实战NTP放大攻击防御方案
https://dev.21ds.cn/article/41.html

[运维安全] MySQL Sniffer :基于 MySQL 协议的抓包工具
https://github.com/Qihoo360/mysql-sniffer/blob/master/README_CN.md

[Web安全] 通过双重跳板漫游隔离内网
https://xianzhi.aliyun.com/forum/read/768.html

[杂志] SecWiki周刊（第156期)
https://www.sec-wiki.com/weekly/156

[移动安全] The Evolution of Mobile Security Through the Years 地址位置应用摄像头
https://securingtomorrow.mcafee.com/consumer/mobile-security/mobile-security-evolution/

[Web安全] FB Event Map API
https://github.com/mromnia/fb_event_map

[移动安全] Android 渗透测试学习手册（八）ARM 利用
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282106&idx=1&sn=5e9e02864dfedfd3d8a69e8a693ce18e&scene=0#wechat_redirect

[Web安全] Bypassing User Account Control (UAC) using TpmInit.exe
http://uacmeltdown.blogspot.jp/

[Web安全] Detecting and Preventing Spear Pishing Attacks Using DNS
https://n0where.net/domain-name-typosquatting-crazyparser/

[编程技术] Flask的url_for重定向问题和相应源码分析
http://jiayi.space/post/flaskde-url_forzhong-ding-xiang-wen-ti-he-xiang-ying-yuan-ma-fen-xi

[运维安全] 回归一线应用运维的底线——先做好最基本的事
http://mp.weixin.qq.com/s?__biz=MzI2MjA5MjUwMQ==&mid=2650019691&idx=1&sn=7551ccef5346fe2e76633b4206291e66&chksm=f250d4d1c5275dc7496c8dc9c5677e8b29ae266e7b255b2576a9b3b59e6bd069f23faea23885&mpshare=1&scene=23&srcid=0302IbxcJvZl15fh7D4uVeQN%23rd

[取证分析] 互联网定位技术小谈
https://xianzhi.aliyun.com/forum/read/775.html

[恶意分析] 百度旗下网站暗藏恶意代码——劫持用户电脑疯狂“收割”流量
http://www.4hou.com/technology/3546.html

[移动安全] Android 渗透测试学习手册（七）不太知名的 Android 漏洞
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282104&idx=1&sn=00918a40555200377ec83a20b6f86101&scene=0#wechat_redirect

[恶意分析] Two new Mac backdoors discovered
https://blog.malwarebytes.com/cybercrime/2017/03/two-new-mac-backdoors-discovered/

[Web安全] Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/

[Web安全] Xpath Automated SQL Injection
https://github.com/r0oth3x49/Xpath

[工具] An advanced fuzzing framework designed to find vulnerabilities in C/C++ code
https://github.com/oxagast/ansvif

[移动安全] Mobile malware evolution 2016 移动恶意分析总结
https://securelist.com/analysis/kaspersky-security-bulletin/77681/mobile-malware-evolution-2016/

[文档] 区块链资料
https://github.com/gymgle/blockchain-reference

[Web安全] SQL Injection Vulnerability in NextGEN Gallery for WordPress
https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html

[取证分析] Useful Windows Command Line Tricks
http://blog.kulshitsky.com/2017/02/useful-windows-command-line-tricks.html?m=1

[其它] 机器人也饱受安全漏洞折磨
http://mp.weixin.qq.com/s/4DWp9K8GsJm_6ymiiAlerQ

[Web安全] subdomain3:a simple and fast tool for bruting subdomains
https://github.com/yanxiu0614/subdomain3

[Web安全] Password History Analysis
https://blog.didierstevens.com/2017/02/28/password-history-analysis/

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第157期)

SecWiki周刊（第157期）

最新公告

友情链接

SecWiki公众号

安全学术圈