SecWiki周刊(第162期)
2017/04/03-2017/04/09
安全资讯
APT10:中国黑客组织攻击全球IT服务供应商
http://www.mottoin.com/99776.html
http://www.mottoin.com/99776.html
换用iPhone后 特朗普仍然可能遭到黑客攻击
https://www.t00ls.net/articles-39021.html
https://www.t00ls.net/articles-39021.html
Know your community – Stefan Esser
https://blogs.securiteam.com/index.php/archives/3037
https://blogs.securiteam.com/index.php/archives/3037
安全技术
2017 AsiaCSS 会议论文列表
http://dl.acm.org/citation.cfm?id=3052973&CFID=748511376
http://dl.acm.org/citation.cfm?id=3052973&CFID=748511376
CentOS 7 主机加固实践(共三篇)
http://www.cnblogs.com/xiaoxiaoleo/p/6678727.html
http://www.cnblogs.com/xiaoxiaoleo/p/6678727.html
wifi渗透流程整理-合天网安新闻
http://www.hetianlab.com/html/news/news-2017040501.html
http://www.hetianlab.com/html/news/news-2017040501.html
常见 WEB 安全漏洞_网站安全_i春秋社区-分享你的技术,为安全加点温度
https://bbs.ichunqiu.com/thread-21386-1-1.html
https://bbs.ichunqiu.com/thread-21386-1-1.html
安全攻城师系列文章-web常见漏洞攻防讲解(中)
http://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&mid=2649846423&idx=1&sn=47f06e1724eda1bae546b19a08d777e8&chksm=f3e41c14c49395021345dbc99092ea92af1ff6890ae1e3641cc633dcf8ed68025afbe2868d44&scene=0#rd
http://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&mid=2649846423&idx=1&sn=47f06e1724eda1bae546b19a08d777e8&chksm=f3e41c14c49395021345dbc99092ea92af1ff6890ae1e3641cc633dcf8ed68025afbe2868d44&scene=0#rd
AI-Driven-WAF: Artificial intelligence-driven Web Firewall
https://github.com/exp-db/AI-Driven-WAF
https://github.com/exp-db/AI-Driven-WAF
ThreatHuner-Playbook: 从Windows事件和Sysmon日志分析取证
https://github.com/VVard0g/ThreatHunter-Playbook
https://github.com/VVard0g/ThreatHunter-Playbook
从Google白皮书看企业安全最佳实践
http://tech.meituan.com/GoogleSecurity_ayazero.html
http://tech.meituan.com/GoogleSecurity_ayazero.html
有趣的二进制读书笔记
http://www.mottoin.com/99834.html
http://www.mottoin.com/99834.html
Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html
https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html
Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
http://googleprojectzero.blogspot.ae/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
http://googleprojectzero.blogspot.ae/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
setting-up-an-email-honeypot-spamtrap-malware-malspam-trap
https://myonlinesecurity.co.uk/setting-up-an-email-honeypot-spamtrap-malware-malspam-trap/
https://myonlinesecurity.co.uk/setting-up-an-email-honeypot-spamtrap-malware-malspam-trap/
How we exploited a remote code execution vulnerability in math.js
https://capacitorset.github.io/mathjs/
https://capacitorset.github.io/mathjs/
淘宝文胸商品评论内容爬取与简单分析
https://github.com/nladuo/taobao_bra_crawler
https://github.com/nladuo/taobao_bra_crawler
在线恶意软件和URL分析集成框架 – MalSub
http://www.freebuf.com/sectool/130199.html
http://www.freebuf.com/sectool/130199.html
The 2016-2017 iCTF DDoS
https://ictf.cs.ucsb.edu/pages/the-2016-2017-ictf-ddos.html
https://ictf.cs.ucsb.edu/pages/the-2016-2017-ictf-ddos.html
OG-Miner : Data Crawling on Steroids
https://umbrella.cisco.com/blog/2017/04/04/og-miner-data-crawling-steroids/
https://umbrella.cisco.com/blog/2017/04/04/og-miner-data-crawling-steroids/
mimipenguin: Linux 下密码抓取工具
https://github.com/huntergregal/mimipenguin
https://github.com/huntergregal/mimipenguin
SecWiki周刊(第161期)
https://www.sec-wiki.com/weekly/161
https://www.sec-wiki.com/weekly/161
金融企业安全建设探索之四个安全建设问题
http://mp.weixin.qq.com/s/-tVQSJ1dyHleBAj9YFE_Xw
http://mp.weixin.qq.com/s/-tVQSJ1dyHleBAj9YFE_Xw
ATMitch: remote administration of ATMs
https://securelist.com/blog/sas/77918/atmitch-remote-administration-of-atms/
https://securelist.com/blog/sas/77918/atmitch-remote-administration-of-atms/
Apache 常见加固 – 0xmh's Blog
http://www.0xmh.com/apache-%E5%B8%B8%E8%A7%81%E5%8A%A0%E5%9B%BA/?utm_source=tuicool&utm_medium=referral
http://www.0xmh.com/apache-%E5%B8%B8%E8%A7%81%E5%8A%A0%E5%9B%BA/?utm_source=tuicool&utm_medium=referral
瑞星提醒:短信拦截马病毒近期活跃并大肆偷取用户钱财
http://www.mottoin.com/99933.html
http://www.mottoin.com/99933.html
wesome-sentiment-analysis: A curated list of Sentiment Analysis methods
https://github.com/xiamx/awesome-sentiment-analysis
https://github.com/xiamx/awesome-sentiment-analysis
OS X 逆向实例(二)- BetterZip 3.1.2
https://and-rev.blogspot.com/2017/04/os-x-betterzip-312.html
https://and-rev.blogspot.com/2017/04/os-x-betterzip-312.html
黑客小说杀手 (第十五章 真相)
http://www.jianshu.com/p/b31af11b0fd6
http://www.jianshu.com/p/b31af11b0fd6
Domain Whitelist Benchmark: Alexa vs Umbrella
http://www.netresec.com/?page=Blog&month=2017-04&post=Domain-Whitelist-Benchmark%3a-Alexa-vs-Umbrella
http://www.netresec.com/?page=Blog&month=2017-04&post=Domain-Whitelist-Benchmark%3a-Alexa-vs-Umbrella
Threat Round-up for Mar 31
http://blog.talosintelligence.com/2017/04/threat-roundup-0331-0407.html
http://blog.talosintelligence.com/2017/04/threat-roundup-0331-0407.html
Microsoft Edge:插件检测
http://paper.seebug.org/266/
http://paper.seebug.org/266/
Pegasus for Android analysis by Lookout
https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf
https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第162期)
