SecWiki Weekly (Issue 166)
2017/05/01-2017/05/07
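Security News
[News]  Cyberspace Administration of China seeks public comment on the "Measures for Security Review of Network Products and Services"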
http://news.china.com.cn/txt/2017-02/04/content_40221621.htm
[Ops Security]  How IBM views SOC and situational awareness
http://www.aqniu.com/learn/24734.html
[News]  China's quantum computer is born, setting a world record
http://news.163.com/17/0503/09/CJGILK43000187VI.html
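[Opinion]  What is the full name of the Central Cyberspace Affairs Office? What the document issued today means for future cybersecurity work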
http://mp.weixin.qq.com/s/M-L7jod4Xr81cey6TNFzUA
Security Technology
[Web Security]  MS17-010 vulnerability (SMB) scanning tool, single file
https://github.com/RiskSense-Ops/MS17-010/blob/master/scanners/smb_ms17_010.py
[Vulnerability Analysis]  A list of publicly disclosed unfixed vulnerabilities
https://github.com/ludios/unfixed-security-bugs
[Web Security]  A step-by-step guide to using Docker for web penetration testing
http://www.freebuf.com/articles/web/133318.html
[Web Security]  [Technical Sharing] WebSocket vulnerabilities and protections explained in detail
http://bobao.360.cn/learning/detail/3795.html
[Ops Security]  A summary of Docker basics
http://thief.one/2017/05/04/1/
[Tools]  Modify Hosts to immediately access Google, Facebook, Twitter, YouTube, Torproject
https://hack80.wordpress.com/2017/05/05/hosts-5-5/
[Tools]  Some online decryption websites for cryptography (Crypto)
http://wiki.bodkin.ren/CTF/Crypto/DecryptWebList.md
[Ops Security]  Configuring a YubiKey to log in to Linux via Challenge Response mode
http://www.cnblogs.com/xiaoxiaoleo/p/6806525.html
[Vulnerability Analysis]  Automatic Exploit Generation: automating vulnerability exploitation
https://zhuanlan.zhihu.com/p/26690230
[Programming]  Scraping LinkedIn data of related employees by company name
http://blog.csdn.net/bone_ace/article/details/71055153
[Web Security]  sensitivefilescan: a directory traversal and sensitive file scanning tool
https://github.com/aipengjie/sensitivefilescan
[Web Security]  WordPress Core 4.6 - Unauthenticated Remote Code Execution (RCE) PoC Exploit
https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
[Programming]  Cracking pattern-unlock CAPTCHAs (with Python code)
http://blog.csdn.net/bone_ace/article/details/71056741
[Other]  Analysis of the PWN2OWN 2017 Linux kernel privilege escalation vulnerability
https://zhuanlan.zhihu.com/p/26674557
[Web Security]  Guide to setting up a reproduction environment for the WordPress 4.6 remote code execution vulnerability (CVE-2016-10033)
http://www.freebuf.com/vuls/133860.html
[Web Security]  Vulnerability alert: WordPress 4.6 remote code execution (with PoC and demo video)
http://blog.shellpub.com/2017/05/03/wordpress_core_remote_code_excute.html
[Data Mining]  wooyunallbugs: wooyun_all_bugs historical archive data and images
https://github.com/m0l1ce/wooyunallbugs
[Web Security]  WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day)
https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
[Wireless Security]  How to use Fluxion to lure target users and obtain the WPA password
http://www.freebuf.com/articles/wireless/133315.html
[Wireless Security]  Bluetooth app vulnerability analysis series, part 1: CVE-2017-0601
https://xianzhi.aliyun.com/forum/read/1570.html
[Magazine]  Issue 1 of the 白帽时鉴 journal - password: mfpt
https://pan.baidu.com/s/1kVI93BT
[Competition]  liberty writeup defcon 2017
https://github.com/deroko/liberty
[Vulnerability Analysis]  Fastjson Unserialize Vulnerability Write Up
https://ricterz.me/posts/Fastjson%20Unserialize%20Vulnerability%20Write%20Up
[Web Security]  SSF: Secure Socket Funneling (SSF) is a network tool and toolkit
https://securesocketfunneling.github.io/ssf/#home
[Web Security]  A summary and analysis of proxy forwarding tools
https://www.t00ls.net/articles-35614.html
[Tools]  Follow-up to the NSA backdoor DoublePulsar incident: download the cleanup tool here
http://www.freebuf.com/articles/system/133302.html
[Documents]  Threat Hunting and IR Summit: slides from the threat hunting summit organized by SANS
https://digital-forensics.sans.org/community/summits
[Web Security]  XSS Bypass Cookbook ver 3.0, with PDF download
http://www.math1as.com/index.php/archives/426/
[Competition]  UIUCTF 2017 - ZippyPics
https://jbzteam.github.io/web/UIUC2017-ZippyPics
[Mobile Security]  Research on TrustZone security technology
http://paper.seebug.org/296/
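[Papers]  An analysis of the computer systems security academic community, based on top-conference papers from the past decade or more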
http://www.csyssec.org/20161230/csysseccircus/
[Device Security]  Intel's remote AMT vulnerablity
http://mjg59.dreamwidth.org/48429.html
[Web Security]  Pwning PHP mail() function For Fun And RCE
https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html
[Device Security]  Windows security mechanisms as seen through pass-the-hash attacks
http://bobao.360.cn/learning/detail/3793.html
[Web Security]  Smart7ec: a plugin-based scanner developed in C on Linux (Python/lua)
https://github.com/hxp2k6/smart7ec-scan-console
[Documents]  The slides of BFH2017, a vulnerability analysis and exploitation training course (PPT)
https://exploit.courses/files/bfh2017/content.html
[Tools]  Shodan releases a new tool: a search engine for trojan malware C&C servers
http://www.freebuf.com/sectool/133663.html
[Data Mining]  Data-driven security architecture upgrade: the "Vase" model reaches V5.0 (Part 2)
http://zhaisj.blog.51cto.com/219066/1921936
[Device Security]  Architecting a Modern Defense using Device Guard
https://drive.google.com/file/d/0B-K55rLoulAfOGVteEllR0xnRnc/view
[Magazine]  [白帽时鉴 journal, issue 1] Online reading and PDF download – 即刻安全
http://www.secist.com/archives/3293.html
[Vulnerability Analysis]  [Vulnerability Analysis] PHPCMS V9.6.1 arbitrary file read vulnerability analysis (with PoC; patch available)
http://bobao.360.cn/learning/detail/3805.html
[Ops Security]  Building your own Docker Mirror
http://blog.evalbug.com/2016/08/28/docker_mirror/
[Tools]  vulners.com [vulnerabilities, exploits, etc.]
https://vulners.com
[Web Security]  Core techniques of Android software reverse engineering
http://www.ichunqiu.com/course/57341
[Ops Security]  Effective Threat Hunting, part 1: Who, What, Where, When, Why and How
https://www.sec-un.org/%e6%9c%89%e6%95%88%e7%9a%84threat-hunting%e4%b9%8b%e4%b8%80-who-what-where-when-why-and-how/
[Data Mining]  Data-driven security architecture upgrade: the "Vase" model reaches V5.0 (Part 1)
http://zhaisj.blog.51cto.com/219066/1921892
[Tools]  [Penetration testing power tools series] nmap
http://thief.one/2017/05/02/1/
[Ops Security]  Tutorial on building an Active Directory attack and defense lab environment (Part 1)
http://www.4hou.com/technology/4451.html
[Web Security]  New attack uses the W3C ambient light sensor to steal sensitive browser information (with demo video)
http://www.freebuf.com/articles/web/133004.html
[Malware Analysis]  flare-floss: FireEye Labs Obfuscated String Solver, a tool for extracting obfuscated strings
https://github.com/fireeye/flare-floss
[Malware Analysis]  Stealthy RAT Targeting North Korea Since 2014
https://threatpost.com/stealthy-rat-targeting-north-korea-since-2014/125450/
[Web Security]  bug bounty - Bypassing restrictions to hijack a Skype account
http://blog.csdn.net/u011721501/article/details/71107858
[Malware Analysis]  Malware Hunter — Shodan's new tool to find Malware C&C Servers
http://thehackernews.com/2017/05/shodan-malware-hunter.html
[Web Security]  [Hacker Stories] A roundup of the ten most serious hacking incidents in history
https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=18986&extra=page%3D1%26filter%3Dtypeid%26typeid%3D153
[Tools]  80 Linux Monitoring Tools
https://www.serverdensity.com/monitor/linux/how-to/
[Magazine]  SecWiki Weekly (Issue 165)
https://www.sec-wiki.com/weekly/165
[Opinion]  Who is Publishing NSA and CIA Secrets, and Why?
https://www.schneier.com/blog/archives/2017/05/who_is_publishi.html
SecWiki:https://www.sec-wiki.com