SecWiki周刊（第161期)

SecWiki周刊（第161期）

2017/03/27-2017/04/02

安全资讯

[设备安全] About 90% of Smart TVs Vulnerable to Remote Hacking via Rogue TV Signals
https://www.bleepingcomputer.com/news/security/about-90-percent-of-smart-tvs-vulnerable-to-remote-hacking-via-rogue-tv-signals/

[无线安全] 专为安全讯飞输入法联手腾讯御安全提升体验
http://yaq.qq.com/blog/20

[人物] 人物-netwind | 十年磨一剑
https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282344&idx=1&sn=5d27119c05fc14b25b4eb862f5fd7a63&scene=0#wechat_redirect

[新闻] 看看Palo Alto Networks下一代安全平台的主要亮点
http://www.aqniu.com/tools-tech/23979.html

安全技术

[Web安全] CTF比赛总是输？你还差点Tricks
https://drive.google.com/file/d/0B4uxE69uafD5c0lLbGh1NjNoOGM/view

[Web安全] MySQL Order By 注入总结
https://mp.weixin.qq.com/s?__biz=MzIxODIzNzgwMw==&mid=2654056022&idx=1&sn=0087cf7797dc4c0b25e0e0585ef6ee13&chksm=8c289052bb5f1944fc89e6ed31cfcf0d16ece879b861221a25ce1c374b88e616e944c950be0b&mpshare=1&scene=1&srcid=0329ATMPiA7rBZFD84sWuOPt#rd

[论文] NDSS 2017 参会小记
https://zhuanlan.zhihu.com/p/26082974?group_id=830733298354491392

[其它] 先知白帽大会PPT来啦-第二波
https://mp.weixin.qq.com/s?__biz=MzI5MzY2MzM0Mw==&mid=2247483669&idx=1&sn=caa898eea9cb378115d96d81144486a5&chksm=ec6fe615db186f0351458e3349387ba684754de4cb37ea3149798d06f26ee769fb87cea489d0&mpshare=1&scene=1&srcid=0330AhRbiGhM8FIRszKjKmFn&key=69fcea0

[漏洞分析] Docker 容器逃逸案例分析
https://yq.aliyun.com/articles/57803

[Web安全] 本屌web漏洞扫描器思路技巧总结（web爬虫篇-1）
http://weibo.com/ttarticle/p/show?id=2309404089676607652351

[Web安全] 我的渗透测试之道
http://mp.weixin.qq.com/s/zxoLYFzzsU-wXh6Ro3GzRg

[工具] Sec-Box（信息安全工具集合）
https://github.com/tengzhangchao/Sec-Box

[Web安全] 漏洞挖掘之域名信息收集
http://mp.weixin.qq.com/s?__biz=MzUzNzAzNzUzMA==&mid=2247483675&idx=1&sn=3d747238798e8b2162375a97398825b0&chksm=faec5eaecd9bd7b8497aadf9ec53c966d0180f4de22a3191699beee13a3c8f86f0f5664a75b5&mpshare=1&scene=1&srcid=0329SsiD1Q8fCaYygQEEsaYk#rd

[Web安全] 漏洞挖掘之逻辑漏洞挖掘
http://mp.weixin.qq.com/s?__biz=MzUzNzAzNzUzMA==&mid=2247483681&idx=1&sn=e8e7545d5d5fe137a8b93372d32d7d84&chksm=faec5e94cd9bd78207e2ead3550b7cd5f5f6f67297b63076761f4822e5c491624aec00df22c8&mpshare=1&scene=1&srcid=0330hZVYeyl3LaxVqGNh3Rso#rd

[Web安全] 安全攻城师系列文章－信息收集工具篇
https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&mid=2649846375&idx=1&sn=f15094740bc6ea61f801a28b4a93575e&chksm=f3e41ce4c49395f216f71c71a52b5b9dc24a8c6b6597272422b2c52b189a92fa4516b73e7337&mpshare=1&scene=1&srcid=0401nl11L5GMs3Uxlp6bIuwl&key=65f240a

[Web安全] 《Web之困》读书笔记 | Pythoner
http://www.pythoner.com/386.html

[Web安全] 漏洞挖掘经验分享
http://mp.weixin.qq.com/s?__biz=MzUzNzAzNzUzMA==&mid=2247483663&idx=1&sn=bbb55ccd0e4b28d1ba2b721bd710fb0e&chksm=faec5ebacd9bd7ac6b2645a99e0ee1be17ef851fcbee134a0f21ef2f93a9be6bf29c5e83b4f7&mpshare=1&scene=1&srcid=0329TPtQ2znutL7D5sJsL9wk#rd

[Web安全] 安全攻城师系列文章－敏感信息收集
https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&mid=2649846345&idx=1&sn=0ef2a93f7731ad9bc64443a846a65a28&chksm=f3e41ccac49395dcd0f5d24acfb6983005f2e45e6e59897afae0d6f82491e09075285daf27f4&scene=0&key=be209c0774a2a72dbd7c466abaf71566f5d42699ce4d22d5

[Web安全] dnsbrute: 域名爆破，基于api接口和字典
https://github.com/chuhades/dnsbrute

[其它] 谈谈 Vim 的几种文件备份
http://www.evilclay.com/2017/03/31/%E8%B0%88%E8%B0%88-Vim-%E7%9A%84%E5%87%A0%E7%A7%8D%E6%96%87%E4%BB%B6%E5%A4%87%E4%BB%BD/

[Web安全] 猪猪侠历次分享总结
https://github.com/ring04h/papers

[Web安全] 涉嫌入侵雅虎的俄罗斯黑客Alexsey Belan常用渗透手段（TTPs）
http://www.freebuf.com/news/130209.html

[其它] Docker 镜像加速器
https://yq.aliyun.com/articles/29941

[视频] BalCCon2k16（video list）
https://ftp.lugons.org/BalCCon2k16/

[漏洞分析] 大华摄像头敏感信息泄露漏洞事件分析
http://paper.seebug.org/257/

[文档] Black Hat Asia 2017 PPT 下载
https://www.blackhat.com/asia-17/briefings.html

[Web安全] FileSensor: 基于爬虫的动态敏感文件探测工具
https://github.com/Xyntax/FileSensor

[Web安全] 内网渗透思路整理与工具使用
http://bobao.360.cn/learning/detail/3683.html

[恶意分析] EquationDrug rootkit analysis (mstcp32.sys)
http://artemonsecurity.blogspot.com/2017/03/equationdrug-rootkit-analysis-mstcp32sys.html

[Web安全] ring04h的白帽学习路线--20170325
https://github.com/ring04h/papers/blob/master/%E6%88%91%E7%9A%84%E7%99%BD%E5%B8%BD%E5%AD%A6%E4%B9%A0%E8%B7%AF%E7%BA%BF--20170325.pdf

[运维安全] Secure-Host-Baseline:Windows安全配置基线
https://github.com/iadgov/Secure-Host-Baseline

[Web安全] 通过DNS日志来检测Java反序列化漏洞
http://gosecure.net/2017/03/22/detecting-deserialization-bugs-with-dns-exfiltration/

[运维安全] 端点保护的那些事儿：盘点国外流行EDR产品
http://www.freebuf.com/articles/terminal/131024.html

[恶意分析] Shamoon2恶意样本技术分析与检测防护方案
http://blog.nsfocus.net/shamoon2-malicious-sample-technology-analysis-detection-protection-program/

[恶意分析] APT29 Domain Fronting With TOR
https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html

[Web安全] 白帽子Gr36手把手教你挖漏洞|漏洞研究
https://xianzhi.aliyun.com/forum/read/1427.html

[设备安全] 工控系统的指纹识别技术
https://mp.weixin.qq.com/s?__biz=MzA5OTMwMzY1NQ==&mid=2647833962&idx=1&sn=c29ac1492087fedf1203d69094f3e50c&scene=0#wechat_redirect

[编程技术] Phantomjs正确打开方式
http://thief.one/2017/03/31/Phantomjs%E6%AD%A3%E7%A1%AE%E6%89%93%E5%BC%80%E6%96%B9%E5%BC%8F/

[Web安全] IIS6.0远程命令执行漏洞(CVE-2017-7269)
http://thief.one/2017/03/29/IIS6-0%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E-CVE-2017-7269/

[会议] 201703_BSidesCBR-ZXSecurity_Practical_GPS_Spoofing
https://zxsecurity.co.nz/presentations/201703_BSidesCBR-ZXSecurity_Practical_GPS_Spoofing.pdf

[其它] 八百元八核的服务器？二手服务器搭建指南
http://www.freebuf.com/geek/130366.html

[其它] 渗透测试中的Application Verifier(DoubleAgent利用介绍)
http://www.4hou.com/uncategorized/reverse/4005.html

[Web安全] Hashview：Hashcat 密码破解的 Web 可视化和管理平台
http://www.mottoin.com/99205.html

[视频] 企业安全建设之使用开源软件建设大规模WAF集群
http://www.freebuf.com/special/127713.html

[取证分析] 另类追踪之——被“策反”的安全机制
http://www.arkteam.net/?p=1646

[取证分析] intel_collection_tools: 多个威胁情报分析的脚本文件
https://github.com/wolfpack1/intel_collection_tools

[运维安全] ANOMALI STAXX威胁情报订阅分析系统把玩
http://phantom0301.cc/2017/03/27/staxx/

[数据挖掘] 学点算法搞安全之apriori
https://mp.weixin.qq.com/s/fPUaQLFAcM6dstoROnf3iA

[运维安全] 2017年6款最值得推荐的免费Linux防火墙
http://www.4hou.com/info/news/4018.html

[Web安全] IIS 6.0 远程代码执行
https://github.com/edwardz246003/IIS_exploit/

[Web安全] 勾陈安全实验室每周技术分享材料
http://www.polaris-lab.com/index.php/share.html

[Web安全] 某种流量劫持攻击的原理简述和演示
http://mp.weixin.qq.com/s/cq-Hg7iNB4FP06JKWS7Rjg

[Web安全] Referrer spoofing with iframe injection
http://paper.seebug.org/258/

[Web安全] 记一次有趣的二次越权
https://www.t00ls.net/thread-38883-1-1.html

[漏洞分析] Pwnbox: A Docker Container For Reverse Engineering & Exploitation!
https://github.com/superkojiman/pwnbox

[杂志] SecWiki周刊（第160期)
https://www.sec-wiki.com/weekly/160

[设备安全] Threat Landscape for Industrial Automation Systems in the second half of 2016
https://ics-cert.kaspersky.com/reports/2017/03/28/threat-landscape-for-industrial-automation-systems-in-the-second-half-of-2016/

[Web安全] 基于MitM的RDP降级攻击
https://xianzhi.aliyun.com/forum/read/1434.html

[数据挖掘] 支付风控模型和流程分析
https://xianzhi.aliyun.com/forum/read/1437.html

[设备安全] IoT设备程序开发及编译环境搭建初体验
http://www.freebuf.com/sectool/130091.html

[Web安全] 数据库防火墙
https://github.com/nim4/DBShield

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第161期)

SecWiki周刊（第161期）

最新公告

友情链接

SecWiki公众号

安全学术圈